Vulnerability Description
A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to address this issue. This patch is called 8c0b4f79d8582932528ec2fdf2a4487c86770fb9. It is recommended to upgrade the affected component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wekan Project | Wekan | < 8.21 |
Related Weaknesses (CWE)
References
- https://github.com/wekan/wekan/Product
- https://github.com/wekan/wekan/commit/8c0b4f79d8582932528ec2fdf2a4487c86770fb9Patch
- https://github.com/wekan/wekan/releases/tag/v8.21ProductRelease Notes
- https://vuldb.com/?ctiid.344267Permissions RequiredVDB Entry
- https://vuldb.com/?id.344267Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.742666Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.742679
FAQ
What is CVE-2026-1895?
CVE-2026-1895 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper...
How severe is CVE-2026-1895?
CVE-2026-1895 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-1895?
Check the references section above for vendor advisories and patch information. Affected products include: Wekan Project Wekan.