Vulnerability Description
A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely. Upgrading to version 8.21 is recommended to address this issue. The identifier of the patch is a787bcddf33ca28afb13ff5ea9a4cb92dceac005. The affected component should be upgraded.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wekan Project | Wekan | < 8.21 |
Related Weaknesses (CWE)
References
- https://github.com/wekan/wekan/Product
- https://github.com/wekan/wekan/commit/a787bcddf33ca28afb13ff5ea9a4cb92dceac005Patch
- https://github.com/wekan/wekan/releases/tag/v8.21ProductRelease Notes
- https://vuldb.com/?ctiid.344922Permissions RequiredVDB Entry
- https://vuldb.com/?id.344922Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.752164Third Party AdvisoryVDB Entry
FAQ
What is CVE-2026-2208?
CVE-2026-2208 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missi...
How severe is CVE-2026-2208?
CVE-2026-2208 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-2208?
Check the references section above for vendor advisories and patch information. Affected products include: Wekan Project Wekan.