CVE-2026-1894

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-1894

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1894.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-1894

Published

2026-02-04T23:15:55.657Z

Modified

2026-03-15T22:52:31.801694Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. The patch is named 251d49eea94834cf351bb395808f4a56fb4dbb44. Upgrading the affected component is recommended.

References

Affected packages

Git / github.com/wekan/wekan

Affected ranges

Type

GIT

Repo

https://github.com/wekan/wekan

Events

Introduced

Fixed

603a65ef17969a2388c9175d5853197dfa48efe1

Fixed

251d49eea94834cf351bb395808f4a56fb4dbb44

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.21"
        }
    ]
}

Affected versions

2.*

2.52

4.*

4.30

4.31

Other

stable

v0.*

v0.10-rc2

v0.10.0

v0.10.0-rc1

v0.10.0-rc3

v0.10.0-rc4

v0.10.1

v0.11.0-rc1

v0.11.0-rc2

v0.11.1-rc1

v0.11.1-rc2

v0.12

v0.13

v0.16

v0.17

v0.18

v0.19

v0.20

v0.21

v0.22

v0.23

v0.24

v0.25

v0.26

v0.27

v0.28

v0.29

v0.30

v0.31

v0.32

v0.33

v0.34

v0.35

v0.36

v0.37

v0.38

v0.39

v0.40

v0.41

v0.42

v0.43

v0.44

v0.45

v0.46

v0.47

v0.48

v0.49

v0.50

v0.51

v0.52

v0.53

v0.54

v0.55

v0.56

v0.57

v0.58

v0.59

v0.60

v0.61

v0.62

v0.63

v0.64

v0.65

v0.66

v0.67

v0.68

v0.69

v0.70

v0.71

v0.72

v0.73

v0.74

v0.75

v0.76

v0.77

v0.78

v0.79

v0.80

v0.81

v0.82

v0.83

v0.84

v0.85

v0.86

v0.87

v0.88

v0.89

v0.9

v0.9.0-rc1

v0.9.0-rc2

v0.90

v0.91

v0.92

v0.93

v0.94

v0.95

v0.96

v0.97

v0.98

v0.99

v1.*

v1.00

v1.01

v1.02

v1.03

v1.04

v1.05

v1.06

v1.07

v1.08

v1.09

v1.10

v1.11

v1.12

v1.13

v1.14

v1.15

v1.16

v1.17

v1.18

v1.19

v1.20

v1.21

v1.23

v1.24

v1.25

v1.26

v1.27

v1.29

v1.30

v1.31

v1.32

v1.33

v1.34

v1.35

v1.36

v1.37

v1.38

v1.39

v1.40

v1.41

v1.42

v1.43

v1.44

v1.45

v1.46

v1.47

v1.48

v1.49

v1.49-edge-1

v1.49.1

v1.50

v1.50.1

v1.50.2

v1.50.3

v1.51

v1.51.1

v1.51.2

v1.52

v1.52.1

v1.53

v1.53.1

v1.53.2

v1.53.3

v1.53.4

v1.53.5

v1.53.6

v1.53.7

v1.53.8

v1.53.9

v1.54

v1.55

v1.55.1

v1.57

v1.58

v1.59

v1.60

v1.61

v1.62

v1.63

v1.64

v1.64.1

v1.64.2

v1.65

v1.66

v1.67

v1.68

v1.69

v1.69.2

v1.70

v1.71

v1.72

v1.73

v1.74

v1.74.1

v1.75

v1.76

v1.77

v1.78

v1.79

v1.80

v1.81

v1.82

v1.83

v1.84

v1.85

v1.86

v1.87

v1.88

v1.89

v1.90

v1.91

v1.92

v1.93

v1.94

v1.95

v1.96

v1.97

v1.98

v1.99

v2.*

v2.00

v2.01

v2.02

v2.03

v2.04

v2.05

v2.06

v2.07

v2.08

v2.09

v2.10

v2.11

v2.12

v2.13

v2.14

v2.15

v2.16

v2.17

v2.18

v2.19

v2.20

v2.21

v2.22

v2.23

v2.24

v2.25

v2.26

v2.27

v2.28

v2.29

v2.30

v2.31

v2.32

v2.33

v2.34

v2.35

v2.36

v2.37

v2.38

v2.39

v2.40

v2.41

v2.42

v2.43

v2.44

v2.45

v2.46

v2.47

v2.48

v2.49

v2.50

v2.51

v2.52

v2.53

v2.54

v2.55

v2.55.1

v2.56

v2.56.1

v2.57

v2.58

v2.59

v2.60

v2.60.1

v2.61

v2.62

v2.63

v2.64

v2.65

v2.66

v2.67

v2.68

v2.69

v2.70

v2.71

v2.72

v2.73

v2.74

v2.75

v2.76

v2.77

v2.78

v2.79

v2.80

v2.81

v2.82

v2.83

v2.84

v2.85

v2.86

v2.87

v2.88

v2.89

v2.90

v2.91

v2.92

v2.94

v2.98

v2.99

v3.*

v3.00

v3.01

v3.02

v3.03

v3.04

v3.05

v3.06

v3.07

v3.08

v3.09

v3.10

v3.11

v3.12

v3.13

v3.14

v3.15

v3.16

v3.17

v3.18

v3.19

v3.20

v3.21

v3.22

v3.23

v3.24

v3.25

v3.26

v3.27

v3.29

v3.30

v3.31

v3.32

v3.33

v3.34

v3.35

v3.36

v3.37

v3.38

v3.39

v3.40

v3.41

v3.42

v3.43

v3.44

v3.45

v3.46

v3.47

v3.48

v3.49

v3.50

v3.51

v3.52

v3.53

v3.54

v3.55

v3.56

v3.57

v3.58

v3.59

v3.60

v3.61

v3.62

v3.63

v3.64

v3.65

v3.66

v3.67

v3.68

v3.69

v3.70

v3.71

v3.73

v3.74

v3.75

v3.76

v3.77

v3.78

v3.79

v3.80

v3.81

v3.82

v3.83

v3.84

v3.85

v3.86

v3.87

v3.88

v3.89

v3.90

v3.91

v3.92

v3.93

v3.94

v3.95

v3.96

v3.97

v3.98

v3.99

v4.*

v4.00

v4.01

v4.02

v4.03

v4.04

v4.05

v4.06

v4.07

v4.08

v4.09

v4.10

v4.11

v4.12

v4.13

v4.14

v4.15

v4.16

v4.17

v4.18

v4.19

v4.20

v4.21

v4.22

v4.23

v4.24

v4.25

v4.26

v4.27

v4.28

v4.29

v4.32

v4.33

v4.34

v4.35

v4.36

v4.37

v4.38

v4.39

v4.40

v4.41

v4.42

v4.43

v4.44

v4.45

v4.46

v4.47

v4.48

v4.49

v4.50

v4.51

v4.52

v4.53

v4.54

v4.55

v4.56

v4.57

v4.58

v4.59

v4.60

v4.61

v4.62

v4.63

v4.64

v4.65

v4.66

v4.67

v4.68

v4.69

v4.70

v4.71

v4.72

v4.73

v4.74

v4.75

v4.76

v4.77

v4.78

v4.79

v4.80

v4.81

v4.82

v4.83

v4.84

v4.85

v4.86

v4.87

v4.88

v4.89

v4.90

v4.91

v4.92

v4.93

v4.94

v4.95

v4.96

v4.98

v4.99

v5.*

v5.00

v5.01

v5.02

v5.03

v5.04

v5.05

v5.06

v5.07

v5.08

v5.09

v5.10

v5.11

v5.12

v5.13

v5.14

v5.15

v5.16

v5.17

v5.18

v5.19

v5.20

v5.21

v5.22

v5.23

v5.24

v5.25

v5.26

v5.27

v5.28

v5.29

v5.30

v5.31

v5.32

v5.33

v5.34

v5.35

v5.36

v5.37

v5.38

v5.39

v5.40

v5.41

v5.42

v5.43

v5.44

v5.45

v5.46

v5.47

v5.48

v5.49

v5.50

v5.51

v5.52

v5.53

v5.54

v5.55

v5.56

v5.57

v5.58

v5.59

v5.60

v5.61

v5.62

v5.63

v5.64

v5.65

v5.66

v5.67

v5.68

v5.69

v5.70

v5.71

v5.72

v5.73

v5.74

v5.75

v5.76

v5.77

v5.78

v5.79

v5.80

v5.81

v5.82

v5.83

v5.84

v5.85

v5.86

v5.87

v5.88

v5.89

v5.90

v5.91

v5.92

v5.93

v5.94

v5.95

v5.96

v5.97

v5.98

v5.99

v6.*

v6.00

v6.01

v6.02

v6.03

v6.04

v6.05

v6.06

v6.07

v6.08

v6.09

v6.10

v6.11

v6.12

v6.13

v6.14

v6.15

v6.16

v6.17

v6.18

v6.19

v6.20

v6.21

v6.22

v6.23

v6.24

v6.25

v6.26

v6.27

v6.28

v6.29

v6.30

v6.31

v6.32

v6.33

v6.34

v6.35

v6.36

v6.37

v6.38

v6.39

v6.40

v6.41

v6.42

v6.43

v6.44

v6.45

v6.46

v6.47

v6.48

v6.49

v6.50

v6.51

v6.52

v6.53

v6.54

v6.55

v6.56

v6.57

v6.58

v6.59

v6.60

v6.61

v6.62

v6.63

v6.64

v6.65

v6.67

v6.68

v6.69

v6.70

v6.71

v6.72

v6.73

v6.74

v6.75

v6.76

v6.77

v6.78

v6.79

v6.80

v6.81

v6.82

v6.83

v6.84

v6.85

v6.86

v6.87

v6.88

v6.89

v6.90

v6.91

v6.92

v6.93

v6.94

v6.95

v6.96

v6.97

v6.98

v6.99

v6.99.1

v6.99.2

v6.99.3

v6.99.4

v6.99.5

v6.99.6

v6.99.7

v6.99.8

v6.99.9

v7.*

v7.00

v7.01

v7.02

v7.03

v7.04

v7.05

v7.06

v7.07

v7.08

v7.09

v7.10

v7.11

v7.12

v7.14

v7.15

v7.16

v7.17

v7.18

v7.19

v7.20

v7.21

v7.22

v7.23

v7.24

v7.25

v7.26

v7.27

v7.28

v7.29

v7.30

v7.31

v7.32

v7.33

v7.34

v7.35

v7.36

v7.37

v7.38

v7.39

v7.40

v7.41

v7.42

v7.43

v7.44

v7.45

v7.46

v7.47

v7.48

v7.49

v7.50

v7.51

v7.52

v7.53

v7.54

v7.55

v7.56

v7.57

v7.58

v7.59

v7.60

v7.61

v7.62

v7.63

v7.64

v7.65

v7.67

v7.68

v7.69

v7.70

v7.71

v7.72

v7.73

v7.74

v7.75

v7.76

v7.77

v7.78

v7.79

v7.80

v7.81

v7.82

v7.83

v7.84

v7.85

v7.86

v7.87

v7.88

v7.89

v7.90

v7.91

v7.92

v7.93

v7.95

v7.96

v7.97

v7.98

v7.99

v8.*

v8.00

v8.01

v8.02

v8.03

v8.04

v8.05

v8.06

v8.07

v8.08

v8.09

v8.10

v8.11

v8.12

v8.14

v8.15

v8.16

v8.17

v8.18

v8.19

v8.20

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1894.json"