Vulnerability Description
A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authorization. The attack can be launched remotely. Upgrading to version 8.19 is sufficient to fix this issue. The patch is identified as f244a43771f6ebf40218b83b9f46dba6b940d7de. It is suggested to upgrade the affected component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wekan Project | Wekan | < 8.19 |
Related Weaknesses (CWE)
References
- https://github.com/wekan/wekan/Product
- https://github.com/wekan/wekan/commit/f244a43771f6ebf40218b83b9f46dba6b940d7dePatch
- https://github.com/wekan/wekan/releases/tag/v8.19ProductRelease Notes
- https://vuldb.com/?ctiid.344923Permissions RequiredVDB Entry
- https://vuldb.com/?id.344923Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.752269Third Party AdvisoryVDB Entry
FAQ
What is CVE-2026-2209?
CVE-2026-2209 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translatio...
How severe is CVE-2026-2209?
CVE-2026-2209 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-2209?
Check the references section above for vendor advisories and patch information. Affected products include: Wekan Project Wekan.