Unrated severityNVD Advisory· Published Feb 8, 2026· Updated Feb 23, 2026
WeKan Meteor Publication cards.js CardPubSubBleed information disclosure
CVE-2026-2205
Description
A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to mitigate this issue. The name of the patch is 0f5a9c38778ca550cbab6c5093470e1e90cb837f. Upgrading the affected component is advised.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/wekan/wekan/commit/0f5a9c38778ca550cbab6c5093470e1e90cb837fmitrepatch
- github.com/wekan/wekan/releases/tag/v8.21mitrepatch
- vuldb.commitrethird-party-advisory
- vuldb.commitresignaturepermissions-required
- vuldb.commitrevdb-entrytechnical-description
News mentions
0No linked articles in our index yet.