Unrated severityNVD Advisory· Published Feb 7, 2026· Updated Mar 5, 2026

WeKan < 8.19 Checklist Creation Cross-Board IDOR

CVE-2026-25563

Description

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers.

Affected products

Wekan/Wekanv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/wekan/wekan/commit/5cd875813fdec5a3c40a0358b30a347967c85c14mitrepatch
www.vulncheck.com/advisories/wekan-checklist-creation-cross-board-idormitrethird-party-advisory
wekan.fimitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000