Vulnerabilities

CVE-2026-25561 - WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass

2026-02-08 0 views admin

CVE ID : CVE-2026-25561 Published : Feb. 7, 2026, 10:16 p.m. | 1 hour, 6 minutes ago Description : WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers (such as boardId, cardId, swimlaneId, and listId) are consistent and refer to a coherent card/board relationship, enabling attempts to upload attachments with mismatched object relationships. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-25561

Severity

HIGH

Published

Feb. 7, 2026

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-25561high

CVE-2026-25561 - WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-15100 - JAY Login & Register <= 2.6.03 - authenticated (subscriber+) privilege escalatio...

CVE-2025-15027 - JAY Login & Register <= 2.6.03 - unauthenticated privilege escalation via jay_lo...

CVE-2026-2209 - WeKan Custom Translation translationBody.js setCreateTranslation improper authori...

CVE-2026-2207 - WeKan Activity Publication activities.js LinkedBoardActivitiesBleed information d...

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting