VYPR
Unrated severityNVD Advisory· Published Feb 7, 2026· Updated Mar 5, 2026

WeKan < 8.19 Cross-board Card Move Without Destination Authorization

CVE-2026-25566

Description

WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially enabling unauthorized cross-board moves.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Wekan/Wekanllm-fuzzy2 versions
    <8.19+ 1 more
    • (no CPE)range: <8.19
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.