CVE-2026-1895

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-1895

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1895.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-1895

Published

2026-02-04T23:15:55.860Z

Modified

2026-03-14T15:05:37.595686Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to address this issue. This patch is called 8c0b4f79d8582932528ec2fdf2a4487c86770fb9. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/wekan/wekan

Affected ranges

Type

GIT

Repo

https://github.com/wekan/wekan

Events

Introduced

Fixed

603a65ef17969a2388c9175d5853197dfa48efe1

Fixed

8c0b4f79d8582932528ec2fdf2a4487c86770fb9

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.21"
        }
    ]
}

Affected versions

2.*

2.52

4.*

4.30

4.31

Other

stable

v0.*

v0.10-rc2

v0.10.0

v0.10.0-rc1

v0.10.0-rc3

v0.10.0-rc4

v0.10.1

v0.11.0-rc1

v0.11.0-rc2

v0.11.1-rc1

v0.11.1-rc2

v0.12

v0.13

v0.16

v0.17

v0.18

v0.19

v0.20

v0.21

v0.22

v0.23

v0.24

v0.25

v0.26

v0.27

v0.28

v0.29

v0.30

v0.31

v0.32

v0.33

v0.34

v0.35

v0.36

v0.37

v0.38

v0.39

v0.40

v0.41

v0.42

v0.43

v0.44

v0.45

v0.46

v0.47

v0.48

v0.49

v0.50

v0.51

v0.52

v0.53

v0.54

v0.55

v0.56

v0.57

v0.58

v0.59

v0.60

v0.61

v0.62

v0.63

v0.64

v0.65

v0.66

v0.67

v0.68

v0.69

v0.70

v0.71

v0.72

v0.73

v0.74

v0.75

v0.76

v0.77

v0.78

v0.79

v0.80

v0.81

v0.82

v0.83

v0.84

v0.85

v0.86

v0.87

v0.88

v0.89

v0.9

v0.9.0-rc1

v0.9.0-rc2

v0.90

v0.91

v0.92

v0.93

v0.94

v0.95

v0.96

v0.97

v0.98

v0.99

v1.*

v1.00

v1.01

v1.02

v1.03

v1.04

v1.05

v1.06

v1.07

v1.08

v1.09

v1.10

v1.11

v1.12

v1.13

v1.14

v1.15

v1.16

v1.17

v1.18

v1.19

v1.20

v1.21

v1.23

v1.24

v1.25

v1.26

v1.27

v1.29

v1.30

v1.31

v1.32

v1.33

v1.34

v1.35

v1.36

v1.37

v1.38

v1.39

v1.40

v1.41

v1.42

v1.43

v1.44

v1.45

v1.46

v1.47

v1.48

v1.49

v1.49-edge-1

v1.49.1

v1.50

v1.50.1

v1.50.2

v1.50.3

v1.51

v1.51.1

v1.51.2

v1.52

v1.52.1

v1.53

v1.53.1

v1.53.2

v1.53.3

v1.53.4

v1.53.5

v1.53.6

v1.53.7

v1.53.8

v1.53.9

v1.54

v1.55

v1.55.1

v1.57

v1.58

v1.59

v1.60

v1.61

v1.62

v1.63

v1.64

v1.64.1

v1.64.2

v1.65

v1.66

v1.67

v1.68

v1.69

v1.69.2

v1.70

v1.71

v1.72

v1.73

v1.74

v1.74.1

v1.75

v1.76

v1.77

v1.78

v1.79

v1.80

v1.81

v1.82

v1.83

v1.84

v1.85

v1.86

v1.87

v1.88

v1.89

v1.90

v1.91

v1.92

v1.93

v1.94

v1.95

v1.96

v1.97

v1.98

v1.99

v2.*

v2.00

v2.01

v2.02

v2.03

v2.04

v2.05

v2.06

v2.07

v2.08

v2.09

v2.10

v2.11

v2.12

v2.13

v2.14

v2.15

v2.16

v2.17

v2.18

v2.19

v2.20

v2.21

v2.22

v2.23

v2.24

v2.25

v2.26

v2.27

v2.28

v2.29

v2.30

v2.31

v2.32

v2.33

v2.34

v2.35

v2.36

v2.37

v2.38

v2.39

v2.40

v2.41

v2.42

v2.43

v2.44

v2.45

v2.46

v2.47

v2.48

v2.49

v2.50

v2.51

v2.52

v2.53

v2.54

v2.55

v2.55.1

v2.56

v2.56.1

v2.57

v2.58

v2.59

v2.60

v2.60.1

v2.61

v2.62

v2.63

v2.64

v2.65

v2.66

v2.67

v2.68

v2.69

v2.70

v2.71

v2.72

v2.73

v2.74

v2.75

v2.76

v2.77

v2.78

v2.79

v2.80

v2.81

v2.82

v2.83

v2.84

v2.85

v2.86

v2.87

v2.88

v2.89

v2.90

v2.91

v2.92

v2.94

v2.98

v2.99

v3.*

v3.00

v3.01

v3.02

v3.03

v3.04

v3.05

v3.06

v3.07

v3.08

v3.09

v3.10

v3.11

v3.12

v3.13

v3.14

v3.15

v3.16

v3.17

v3.18

v3.19

v3.20

v3.21

v3.22

v3.23

v3.24

v3.25

v3.26

v3.27

v3.29

v3.30

v3.31

v3.32

v3.33

v3.34

v3.35

v3.36

v3.37

v3.38

v3.39

v3.40

v3.41

v3.42

v3.43

v3.44

v3.45

v3.46

v3.47

v3.48

v3.49

v3.50

v3.51

v3.52

v3.53

v3.54

v3.55

v3.56

v3.57

v3.58

v3.59

v3.60

v3.61

v3.62

v3.63

v3.64

v3.65

v3.66

v3.67

v3.68

v3.69

v3.70

v3.71

v3.73

v3.74

v3.75

v3.76

v3.77

v3.78

v3.79

v3.80

v3.81

v3.82

v3.83

v3.84

v3.85

v3.86

v3.87

v3.88

v3.89

v3.90

v3.91

v3.92

v3.93

v3.94

v3.95

v3.96

v3.97

v3.98

v3.99

v4.*

v4.00

v4.01

v4.02

v4.03

v4.04

v4.05

v4.06

v4.07

v4.08

v4.09

v4.10

v4.11

v4.12

v4.13

v4.14

v4.15

v4.16

v4.17

v4.18

v4.19

v4.20

v4.21

v4.22

v4.23

v4.24

v4.25

v4.26

v4.27

v4.28

v4.29

v4.32

v4.33

v4.34

v4.35

v4.36

v4.37

v4.38

v4.39

v4.40

v4.41

v4.42

v4.43

v4.44

v4.45

v4.46

v4.47

v4.48

v4.49

v4.50

v4.51

v4.52

v4.53

v4.54

v4.55

v4.56

v4.57

v4.58

v4.59

v4.60

v4.61

v4.62

v4.63

v4.64

v4.65

v4.66

v4.67

v4.68

v4.69

v4.70

v4.71

v4.72

v4.73

v4.74

v4.75

v4.76

v4.77

v4.78

v4.79

v4.80

v4.81

v4.82

v4.83

v4.84

v4.85

v4.86

v4.87

v4.88

v4.89

v4.90

v4.91

v4.92

v4.93

v4.94

v4.95

v4.96

v4.98

v4.99

v5.*

v5.00

v5.01

v5.02

v5.03

v5.04

v5.05

v5.06

v5.07

v5.08

v5.09

v5.10

v5.11

v5.12

v5.13

v5.14

v5.15

v5.16

v5.17

v5.18

v5.19

v5.20

v5.21

v5.22

v5.23

v5.24

v5.25

v5.26

v5.27

v5.28

v5.29

v5.30

v5.31

v5.32

v5.33

v5.34

v5.35

v5.36

v5.37

v5.38

v5.39

v5.40

v5.41

v5.42

v5.43

v5.44

v5.45

v5.46

v5.47

v5.48

v5.49

v5.50

v5.51

v5.52

v5.53

v5.54

v5.55

v5.56

v5.57

v5.58

v5.59

v5.60

v5.61

v5.62

v5.63

v5.64

v5.65

v5.66

v5.67

v5.68

v5.69

v5.70

v5.71

v5.72

v5.73

v5.74

v5.75

v5.76

v5.77

v5.78

v5.79

v5.80

v5.81

v5.82

v5.83

v5.84

v5.85

v5.86

v5.87

v5.88

v5.89

v5.90

v5.91

v5.92

v5.93

v5.94

v5.95

v5.96

v5.97

v5.98

v5.99

v6.*

v6.00

v6.01

v6.02

v6.03

v6.04

v6.05

v6.06

v6.07

v6.08

v6.09

v6.10

v6.11

v6.12

v6.13

v6.14

v6.15

v6.16

v6.17

v6.18

v6.19

v6.20

v6.21

v6.22

v6.23

v6.24

v6.25

v6.26

v6.27

v6.28

v6.29

v6.30

v6.31

v6.32

v6.33

v6.34

v6.35

v6.36

v6.37

v6.38

v6.39

v6.40

v6.41

v6.42

v6.43

v6.44

v6.45

v6.46

v6.47

v6.48

v6.49

v6.50

v6.51

v6.52

v6.53

v6.54

v6.55

v6.56

v6.57

v6.58

v6.59

v6.60

v6.61

v6.62

v6.63

v6.64

v6.65

v6.67

v6.68

v6.69

v6.70

v6.71

v6.72

v6.73

v6.74

v6.75

v6.76

v6.77

v6.78

v6.79

v6.80

v6.81

v6.82

v6.83

v6.84

v6.85

v6.86

v6.87

v6.88

v6.89

v6.90

v6.91

v6.92

v6.93

v6.94

v6.95

v6.96

v6.97

v6.98

v6.99

v6.99.1

v6.99.2

v6.99.3

v6.99.4

v6.99.5

v6.99.6

v6.99.7

v6.99.8

v6.99.9

v7.*

v7.00

v7.01

v7.02

v7.03

v7.04

v7.05

v7.06

v7.07

v7.08

v7.09

v7.10

v7.11

v7.12

v7.14

v7.15

v7.16

v7.17

v7.18

v7.19

v7.20

v7.21

v7.22

v7.23

v7.24

v7.25

v7.26

v7.27

v7.28

v7.29

v7.30

v7.31

v7.32

v7.33

v7.34

v7.35

v7.36

v7.37

v7.38

v7.39

v7.40

v7.41

v7.42

v7.43

v7.44

v7.45

v7.46

v7.47

v7.48

v7.49

v7.50

v7.51

v7.52

v7.53

v7.54

v7.55

v7.56

v7.57

v7.58

v7.59

v7.60

v7.61

v7.62

v7.63

v7.64

v7.65

v7.67

v7.68

v7.69

v7.70

v7.71

v7.72

v7.73

v7.74

v7.75

v7.76

v7.77

v7.78

v7.79

v7.80

v7.81

v7.82

v7.83

v7.84

v7.85

v7.86

v7.87

v7.88

v7.89

v7.90

v7.91

v7.92

v7.93

v7.95

v7.96

v7.97

v7.98

v7.99

v8.*

v8.00

v8.01

v8.02

v8.03

v8.04

v8.05

v8.06

v8.07

v8.08

v8.09

v8.10

v8.11

v8.12

v8.14

v8.15

v8.16

v8.17

v8.18

v8.19

v8.20

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1895.json"