Vulnerability Description
A security flaw has been discovered in WeKan up to 8.20. It affects unspecified code in the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Manipulation leads to improper access controls. The attack can be initiated remotely. Upgrading to version 8.21 resolves this issue. The patch is identified as 4ce181d17249778094f73d21515f7f863f554743. It is advisable to upgrade the affected component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wekan Project | Wekan | < 8.21 |
Related Weaknesses (CWE)
References
- https://github.com/wekan/wekan/ (Product)
- https://github.com/wekan/wekan/commit/4ce181d17249778094f73d21515f7f863f554743 (Patch)
- https://github.com/wekan/wekan/releases/tag/v8.21 (Product, Release Notes)
- https://vuldb.com/?ctiid.344920 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.344920 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.752162 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2026-2206?
CVE-2026-2206 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Perform...
How severe is CVE-2026-2206?
CVE-2026-2206 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-2206?
Check the references section above for vendor advisories and patch information. Affected products include: Wekan Project Wekan.