VYPR
Unrated severityNVD Advisory· Published Feb 7, 2026· Updated Mar 5, 2026

WeKan < 8.19 Attachments Publication Information Disclosure

CVE-2026-25562

Description

WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing attachment metadata to unauthorized users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Wekan/Wekanllm-fuzzy2 versions
    < 8.19+ 1 more
    • (no CPE)range: < 8.19
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.