Unrated severityNVD Advisory· Published Feb 7, 2026· Updated Mar 5, 2026
WeKan < 8.19 Checklist Creation Cross-Board IDOR
CVE-2026-25563
Description
WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/wekan/wekan/commit/5cd875813fdec5a3c40a0358b30a347967c85c14mitrepatch
- www.vulncheck.com/advisories/wekan-checklist-creation-cross-board-idormitrethird-party-advisory
- wekan.fimitreproduct
News mentions
0No linked articles in our index yet.