Vulnerability Description
A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisable to upgrade the affected component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wekan Project | Wekan | < 8.21 |
Related Weaknesses (CWE)
References
- https://github.com/wekan/wekan/Product
- https://github.com/wekan/wekan/commit/545566f5663545d16174e0f2399f231aa693ab6ePatch
- https://github.com/wekan/wekan/releases/tag/v8.21ProductRelease Notes
- https://vuldb.com/?ctiid.344486Permissions RequiredVDB Entry
- https://vuldb.com/?id.344486Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.742680Third Party AdvisoryVDB Entry
FAQ
What is CVE-2026-1964?
CVE-2026-1964 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Rem...
How severe is CVE-2026-1964?
CVE-2026-1964 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-1964?
Check the references section above for vendor advisories and patch information. Affected products include: Wekan Project Wekan.