CVE-2026-1962

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-1962

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1962.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-1962

Published

2026-02-05T21:15:52.987Z

Modified

2026-03-13T04:02:18.452214Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiated remotely. Upgrading to version 8.21 is sufficient to resolve this issue. The identifier of the patch is 053bf1dfb76ef230db162c64a6ed50ebedf67eee. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/wekan/wekan

Affected ranges

Type

GIT

Repo

https://github.com/wekan/wekan

Events

Introduced

Fixed

603a65ef17969a2388c9175d5853197dfa48efe1

Fixed

053bf1dfb76ef230db162c64a6ed50ebedf67eee

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.21"
        }
    ]
}

Affected versions

2.*

2.52

4.*

4.30

4.31

Other

stable

v0.*

v0.10-rc2

v0.10.0

v0.10.0-rc1

v0.10.0-rc3

v0.10.0-rc4

v0.10.1

v0.11.0-rc1

v0.11.0-rc2

v0.11.1-rc1

v0.11.1-rc2

v0.12

v0.13

v0.16

v0.17

v0.18

v0.19

v0.20

v0.21

v0.22

v0.23

v0.24

v0.25

v0.26

v0.27

v0.28

v0.29

v0.30

v0.31

v0.32

v0.33

v0.34

v0.35

v0.36

v0.37

v0.38

v0.39

v0.40

v0.41

v0.42

v0.43

v0.44

v0.45

v0.46

v0.47

v0.48

v0.49

v0.50

v0.51

v0.52

v0.53

v0.54

v0.55

v0.56

v0.57

v0.58

v0.59

v0.60

v0.61

v0.62

v0.63

v0.64

v0.65

v0.66

v0.67

v0.68

v0.69

v0.70

v0.71

v0.72

v0.73

v0.74

v0.75

v0.76

v0.77

v0.78

v0.79

v0.80

v0.81

v0.82

v0.83

v0.84

v0.85

v0.86

v0.87

v0.88

v0.89

v0.9

v0.9.0-rc1

v0.9.0-rc2

v0.90

v0.91

v0.92

v0.93

v0.94

v0.95

v0.96

v0.97

v0.98

v0.99

v1.*

v1.00

v1.01

v1.02

v1.03

v1.04

v1.05

v1.06

v1.07

v1.08

v1.09

v1.10

v1.11

v1.12

v1.13

v1.14

v1.15

v1.16

v1.17

v1.18

v1.19

v1.20

v1.21

v1.23

v1.24

v1.25

v1.26

v1.27

v1.29

v1.30

v1.31

v1.32

v1.33

v1.34

v1.35

v1.36

v1.37

v1.38

v1.39

v1.40

v1.41

v1.42

v1.43

v1.44

v1.45

v1.46

v1.47

v1.48

v1.49

v1.49-edge-1

v1.49.1

v1.50

v1.50.1

v1.50.2

v1.50.3

v1.51

v1.51.1

v1.51.2

v1.52

v1.52.1

v1.53

v1.53.1

v1.53.2

v1.53.3

v1.53.4

v1.53.5

v1.53.6

v1.53.7

v1.53.8

v1.53.9

v1.54

v1.55

v1.55.1

v1.57

v1.58

v1.59

v1.60

v1.61

v1.62

v1.63

v1.64

v1.64.1

v1.64.2

v1.65

v1.66

v1.67

v1.68

v1.69

v1.69.2

v1.70

v1.71

v1.72

v1.73

v1.74

v1.74.1

v1.75

v1.76

v1.77

v1.78

v1.79

v1.80

v1.81

v1.82

v1.83

v1.84

v1.85

v1.86

v1.87

v1.88

v1.89

v1.90

v1.91

v1.92

v1.93

v1.94

v1.95

v1.96

v1.97

v1.98

v1.99

v2.*

v2.00

v2.01

v2.02

v2.03

v2.04

v2.05

v2.06

v2.07

v2.08

v2.09

v2.10

v2.11

v2.12

v2.13

v2.14

v2.15

v2.16

v2.17

v2.18

v2.19

v2.20

v2.21

v2.22

v2.23

v2.24

v2.25

v2.26

v2.27

v2.28

v2.29

v2.30

v2.31

v2.32

v2.33

v2.34

v2.35

v2.36

v2.37

v2.38

v2.39

v2.40

v2.41

v2.42

v2.43

v2.44

v2.45

v2.46

v2.47

v2.48

v2.49

v2.50

v2.51

v2.52

v2.53

v2.54

v2.55

v2.55.1

v2.56

v2.56.1

v2.57

v2.58

v2.59

v2.60

v2.60.1

v2.61

v2.62

v2.63

v2.64

v2.65

v2.66

v2.67

v2.68

v2.69

v2.70

v2.71

v2.72

v2.73

v2.74

v2.75

v2.76

v2.77

v2.78

v2.79

v2.80

v2.81

v2.82

v2.83

v2.84

v2.85

v2.86

v2.87

v2.88

v2.89

v2.90

v2.91

v2.92

v2.94

v2.98

v2.99

v3.*

v3.00

v3.01

v3.02

v3.03

v3.04

v3.05

v3.06

v3.07

v3.08

v3.09

v3.10

v3.11

v3.12

v3.13

v3.14

v3.15

v3.16

v3.17

v3.18

v3.19

v3.20

v3.21

v3.22

v3.23

v3.24

v3.25

v3.26

v3.27

v3.29

v3.30

v3.31

v3.32

v3.33

v3.34

v3.35

v3.36

v3.37

v3.38

v3.39

v3.40

v3.41

v3.42

v3.43

v3.44

v3.45

v3.46

v3.47

v3.48

v3.49

v3.50

v3.51

v3.52

v3.53

v3.54

v3.55

v3.56

v3.57

v3.58

v3.59

v3.60

v3.61

v3.62

v3.63

v3.64

v3.65

v3.66

v3.67

v3.68

v3.69

v3.70

v3.71

v3.73

v3.74

v3.75

v3.76

v3.77

v3.78

v3.79

v3.80

v3.81

v3.82

v3.83

v3.84

v3.85

v3.86

v3.87

v3.88

v3.89

v3.90

v3.91

v3.92

v3.93

v3.94

v3.95

v3.96

v3.97

v3.98

v3.99

v4.*

v4.00

v4.01

v4.02

v4.03

v4.04

v4.05

v4.06

v4.07

v4.08

v4.09

v4.10

v4.11

v4.12

v4.13

v4.14

v4.15

v4.16

v4.17

v4.18

v4.19

v4.20

v4.21

v4.22

v4.23

v4.24

v4.25

v4.26

v4.27

v4.28

v4.29

v4.32

v4.33

v4.34

v4.35

v4.36

v4.37

v4.38

v4.39

v4.40

v4.41

v4.42

v4.43

v4.44

v4.45

v4.46

v4.47

v4.48

v4.49

v4.50

v4.51

v4.52

v4.53

v4.54

v4.55

v4.56

v4.57

v4.58

v4.59

v4.60

v4.61

v4.62

v4.63

v4.64

v4.65

v4.66

v4.67

v4.68

v4.69

v4.70

v4.71

v4.72

v4.73

v4.74

v4.75

v4.76

v4.77

v4.78

v4.79

v4.80

v4.81

v4.82

v4.83

v4.84

v4.85

v4.86

v4.87

v4.88

v4.89

v4.90

v4.91

v4.92

v4.93

v4.94

v4.95

v4.96

v4.98

v4.99

v5.*

v5.00

v5.01

v5.02

v5.03

v5.04

v5.05

v5.06

v5.07

v5.08

v5.09

v5.10

v5.11

v5.12

v5.13

v5.14

v5.15

v5.16

v5.17

v5.18

v5.19

v5.20

v5.21

v5.22

v5.23

v5.24

v5.25

v5.26

v5.27

v5.28

v5.29

v5.30

v5.31

v5.32

v5.33

v5.34

v5.35

v5.36

v5.37

v5.38

v5.39

v5.40

v5.41

v5.42

v5.43

v5.44

v5.45

v5.46

v5.47

v5.48

v5.49

v5.50

v5.51

v5.52

v5.53

v5.54

v5.55

v5.56

v5.57

v5.58

v5.59

v5.60

v5.61

v5.62

v5.63

v5.64

v5.65

v5.66

v5.67

v5.68

v5.69

v5.70

v5.71

v5.72

v5.73

v5.74

v5.75

v5.76

v5.77

v5.78

v5.79

v5.80

v5.81

v5.82

v5.83

v5.84

v5.85

v5.86

v5.87

v5.88

v5.89

v5.90

v5.91

v5.92

v5.93

v5.94

v5.95

v5.96

v5.97

v5.98

v5.99

v6.*

v6.00

v6.01

v6.02

v6.03

v6.04

v6.05

v6.06

v6.07

v6.08

v6.09

v6.10

v6.11

v6.12

v6.13

v6.14

v6.15

v6.16

v6.17

v6.18

v6.19

v6.20

v6.21

v6.22

v6.23

v6.24

v6.25

v6.26

v6.27

v6.28

v6.29

v6.30

v6.31

v6.32

v6.33

v6.34

v6.35

v6.36

v6.37

v6.38

v6.39

v6.40

v6.41

v6.42

v6.43

v6.44

v6.45

v6.46

v6.47

v6.48

v6.49

v6.50

v6.51

v6.52

v6.53

v6.54

v6.55

v6.56

v6.57

v6.58

v6.59

v6.60

v6.61

v6.62

v6.63

v6.64

v6.65

v6.67

v6.68

v6.69

v6.70

v6.71

v6.72

v6.73

v6.74

v6.75

v6.76

v6.77

v6.78

v6.79

v6.80

v6.81

v6.82

v6.83

v6.84

v6.85

v6.86

v6.87

v6.88

v6.89

v6.90

v6.91

v6.92

v6.93

v6.94

v6.95

v6.96

v6.97

v6.98

v6.99

v6.99.1

v6.99.2

v6.99.3

v6.99.4

v6.99.5

v6.99.6

v6.99.7

v6.99.8

v6.99.9

v7.*

v7.00

v7.01

v7.02

v7.03

v7.04

v7.05

v7.06

v7.07

v7.08

v7.09

v7.10

v7.11

v7.12

v7.14

v7.15

v7.16

v7.17

v7.18

v7.19

v7.20

v7.21

v7.22

v7.23

v7.24

v7.25

v7.26

v7.27

v7.28

v7.29

v7.30

v7.31

v7.32

v7.33

v7.34

v7.35

v7.36

v7.37

v7.38

v7.39

v7.40

v7.41

v7.42

v7.43

v7.44

v7.45

v7.46

v7.47

v7.48

v7.49

v7.50

v7.51

v7.52

v7.53

v7.54

v7.55

v7.56

v7.57

v7.58

v7.59

v7.60

v7.61

v7.62

v7.63

v7.64

v7.65

v7.67

v7.68

v7.69

v7.70

v7.71

v7.72

v7.73

v7.74

v7.75

v7.76

v7.77

v7.78

v7.79

v7.80

v7.81

v7.82

v7.83

v7.84

v7.85

v7.86

v7.87

v7.88

v7.89

v7.90

v7.91

v7.92

v7.93

v7.95

v7.96

v7.97

v7.98

v7.99

v8.*

v8.00

v8.01

v8.02

v8.03

v8.04

v8.05

v8.06

v8.07

v8.08

v8.09

v8.10

v8.11

v8.12

v8.14

v8.15

v8.16

v8.17

v8.18

v8.19

v8.20

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1962.json"