CVE-2026-25565
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk20th percentile - higher than 20% of all known CVEs
Summary
An authorization vulnerability in WeKan versions prior to 8.19 allows certain card update API paths to validate only board read access instead of requiring write permission.
Risk Assessment
Users with read-only roles can perform unauthorized card updates, compromising data integrity and potentially causing unwanted changes to boards.
Recommendation
Upgrade WeKan to version 8.19 or later immediately, which includes a fix enforcing proper write permissions for card update APIs.
Original NVD description (English source)
WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should require write access.

