CVE Catalog

CVE-2026-25565

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile - higher than 20% of all known CVEs

Summary

An authorization vulnerability in WeKan versions prior to 8.19 allows certain card update API paths to validate only board read access instead of requiring write permission.

Risk Assessment

Users with read-only roles can perform unauthorized card updates, compromising data integrity and potentially causing unwanted changes to boards.

Recommendation

Upgrade WeKan to version 8.19 or later immediately, which includes a fix enforcing proper write permissions for card update APIs.

Original NVD description (English source)

WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should require write access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS