CVE-2026-1964

low-risk

Published 2026-02-05

A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisable to upgrade the affected component.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Wekan

Affected Vendors

Wekan Project

References (6)

Product https://github.com/wekan/wekan/

Patch https://github.com/wekan/wekan/commit/545566f5663545d16174e0f2399f231aa693ab6e

Product https://github.com/wekan/wekan/releases/tag/v8.21

Permissions Required https://vuldb.com/?ctiid.344486

Third Party Advisory https://vuldb.com/?id.344486

Third Party Advisory https://vuldb.com/?submit.742680

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal