Unrated severityNVD Advisory· Published Feb 8, 2026· Updated Feb 23, 2026

WeKan Administrative Repair fixDuplicateLists.js FixDuplicateBleed access control

CVE-2026-2206

Description

A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able to resolve this issue. The patch is named 4ce181d17249778094f73d21515f7f863f554743. It is advisable to upgrade the affected component.

Affected products

WeKan/WeKandescription
Wekan/Wekanllm-fuzzy
Range: <=8.20

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/wekan/wekan/commit/4ce181d17249778094f73d21515f7f863f554743mitrepatch
github.com/wekan/wekan/releases/tag/v8.21mitrepatch
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000