CVE-2026-2207

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-2207

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2207.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-2207

Published

2026-02-08T02:15:57.447Z

Modified

2026-03-13T11:36:54.654584Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is possible to launch the attack remotely. Upgrading to version 8.21 is capable of addressing this issue. This patch is called 91a936e07d2976d4246dfe834281c3aaa87f9503. You should upgrade the affected component.

References

Affected packages

Git / github.com/wekan/wekan

Affected ranges

Type

GIT

Repo

https://github.com/wekan/wekan

Events

Introduced

Fixed

603a65ef17969a2388c9175d5853197dfa48efe1

Fixed

91a936e07d2976d4246dfe834281c3aaa87f9503

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.21"
        }
    ]
}

Affected versions

2.*

2.52

4.*

4.30

4.31

Other

stable

v0.*

v0.10-rc2

v0.10.0

v0.10.0-rc1

v0.10.0-rc3

v0.10.0-rc4

v0.10.1

v0.11.0-rc1

v0.11.0-rc2

v0.11.1-rc1

v0.11.1-rc2

v0.12

v0.13

v0.16

v0.17

v0.18

v0.19

v0.20

v0.21

v0.22

v0.23

v0.24

v0.25

v0.26

v0.27

v0.28

v0.29

v0.30

v0.31

v0.32

v0.33

v0.34

v0.35

v0.36

v0.37

v0.38

v0.39

v0.40

v0.41

v0.42

v0.43

v0.44

v0.45

v0.46

v0.47

v0.48

v0.49

v0.50

v0.51

v0.52

v0.53

v0.54

v0.55

v0.56

v0.57

v0.58

v0.59

v0.60

v0.61

v0.62

v0.63

v0.64

v0.65

v0.66

v0.67

v0.68

v0.69

v0.70

v0.71

v0.72

v0.73

v0.74

v0.75

v0.76

v0.77

v0.78

v0.79

v0.80

v0.81

v0.82

v0.83

v0.84

v0.85

v0.86

v0.87

v0.88

v0.89

v0.9

v0.9.0-rc1

v0.9.0-rc2

v0.90

v0.91

v0.92

v0.93

v0.94

v0.95

v0.96

v0.97

v0.98

v0.99

v1.*

v1.00

v1.01

v1.02

v1.03

v1.04

v1.05

v1.06

v1.07

v1.08

v1.09

v1.10

v1.11

v1.12

v1.13

v1.14

v1.15

v1.16

v1.17

v1.18

v1.19

v1.20

v1.21

v1.23

v1.24

v1.25

v1.26

v1.27

v1.29

v1.30

v1.31

v1.32

v1.33

v1.34

v1.35

v1.36

v1.37

v1.38

v1.39

v1.40

v1.41

v1.42

v1.43

v1.44

v1.45

v1.46

v1.47

v1.48

v1.49

v1.49-edge-1

v1.49.1

v1.50

v1.50.1

v1.50.2

v1.50.3

v1.51

v1.51.1

v1.51.2

v1.52

v1.52.1

v1.53

v1.53.1

v1.53.2

v1.53.3

v1.53.4

v1.53.5

v1.53.6

v1.53.7

v1.53.8

v1.53.9

v1.54

v1.55

v1.55.1

v1.57

v1.58

v1.59

v1.60

v1.61

v1.62

v1.63

v1.64

v1.64.1

v1.64.2

v1.65

v1.66

v1.67

v1.68

v1.69

v1.69.2

v1.70

v1.71

v1.72

v1.73

v1.74

v1.74.1

v1.75

v1.76

v1.77

v1.78

v1.79

v1.80

v1.81

v1.82

v1.83

v1.84

v1.85

v1.86

v1.87

v1.88

v1.89

v1.90

v1.91

v1.92

v1.93

v1.94

v1.95

v1.96

v1.97

v1.98

v1.99

v2.*

v2.00

v2.01

v2.02

v2.03

v2.04

v2.05

v2.06

v2.07

v2.08

v2.09

v2.10

v2.11

v2.12

v2.13

v2.14

v2.15

v2.16

v2.17

v2.18

v2.19

v2.20

v2.21

v2.22

v2.23

v2.24

v2.25

v2.26

v2.27

v2.28

v2.29

v2.30

v2.31

v2.32

v2.33

v2.34

v2.35

v2.36

v2.37

v2.38

v2.39

v2.40

v2.41

v2.42

v2.43

v2.44

v2.45

v2.46

v2.47

v2.48

v2.49

v2.50

v2.51

v2.52

v2.53

v2.54

v2.55

v2.55.1

v2.56

v2.56.1

v2.57

v2.58

v2.59

v2.60

v2.60.1

v2.61

v2.62

v2.63

v2.64

v2.65

v2.66

v2.67

v2.68

v2.69

v2.70

v2.71

v2.72

v2.73

v2.74

v2.75

v2.76

v2.77

v2.78

v2.79

v2.80

v2.81

v2.82

v2.83

v2.84

v2.85

v2.86

v2.87

v2.88

v2.89

v2.90

v2.91

v2.92

v2.94

v2.98

v2.99

v3.*

v3.00

v3.01

v3.02

v3.03

v3.04

v3.05

v3.06

v3.07

v3.08

v3.09

v3.10

v3.11

v3.12

v3.13

v3.14

v3.15

v3.16

v3.17

v3.18

v3.19

v3.20

v3.21

v3.22

v3.23

v3.24

v3.25

v3.26

v3.27

v3.29

v3.30

v3.31

v3.32

v3.33

v3.34

v3.35

v3.36

v3.37

v3.38

v3.39

v3.40

v3.41

v3.42

v3.43

v3.44

v3.45

v3.46

v3.47

v3.48

v3.49

v3.50

v3.51

v3.52

v3.53

v3.54

v3.55

v3.56

v3.57

v3.58

v3.59

v3.60

v3.61

v3.62

v3.63

v3.64

v3.65

v3.66

v3.67

v3.68

v3.69

v3.70

v3.71

v3.73

v3.74

v3.75

v3.76

v3.77

v3.78

v3.79

v3.80

v3.81

v3.82

v3.83

v3.84

v3.85

v3.86

v3.87

v3.88

v3.89

v3.90

v3.91

v3.92

v3.93

v3.94

v3.95

v3.96

v3.97

v3.98

v3.99

v4.*

v4.00

v4.01

v4.02

v4.03

v4.04

v4.05

v4.06

v4.07

v4.08

v4.09

v4.10

v4.11

v4.12

v4.13

v4.14

v4.15

v4.16

v4.17

v4.18

v4.19

v4.20

v4.21

v4.22

v4.23

v4.24

v4.25

v4.26

v4.27

v4.28

v4.29

v4.32

v4.33

v4.34

v4.35

v4.36

v4.37

v4.38

v4.39

v4.40

v4.41

v4.42

v4.43

v4.44

v4.45

v4.46

v4.47

v4.48

v4.49

v4.50

v4.51

v4.52

v4.53

v4.54

v4.55

v4.56

v4.57

v4.58

v4.59

v4.60

v4.61

v4.62

v4.63

v4.64

v4.65

v4.66

v4.67

v4.68

v4.69

v4.70

v4.71

v4.72

v4.73

v4.74

v4.75

v4.76

v4.77

v4.78

v4.79

v4.80

v4.81

v4.82

v4.83

v4.84

v4.85

v4.86

v4.87

v4.88

v4.89

v4.90

v4.91

v4.92

v4.93

v4.94

v4.95

v4.96

v4.98

v4.99

v5.*

v5.00

v5.01

v5.02

v5.03

v5.04

v5.05

v5.06

v5.07

v5.08

v5.09

v5.10

v5.11

v5.12

v5.13

v5.14

v5.15

v5.16

v5.17

v5.18

v5.19

v5.20

v5.21

v5.22

v5.23

v5.24

v5.25

v5.26

v5.27

v5.28

v5.29

v5.30

v5.31

v5.32

v5.33

v5.34

v5.35

v5.36

v5.37

v5.38

v5.39

v5.40

v5.41

v5.42

v5.43

v5.44

v5.45

v5.46

v5.47

v5.48

v5.49

v5.50

v5.51

v5.52

v5.53

v5.54

v5.55

v5.56

v5.57

v5.58

v5.59

v5.60

v5.61

v5.62

v5.63

v5.64

v5.65

v5.66

v5.67

v5.68

v5.69

v5.70

v5.71

v5.72

v5.73

v5.74

v5.75

v5.76

v5.77

v5.78

v5.79

v5.80

v5.81

v5.82

v5.83

v5.84

v5.85

v5.86

v5.87

v5.88

v5.89

v5.90

v5.91

v5.92

v5.93

v5.94

v5.95

v5.96

v5.97

v5.98

v5.99

v6.*

v6.00

v6.01

v6.02

v6.03

v6.04

v6.05

v6.06

v6.07

v6.08

v6.09

v6.10

v6.11

v6.12

v6.13

v6.14

v6.15

v6.16

v6.17

v6.18

v6.19

v6.20

v6.21

v6.22

v6.23

v6.24

v6.25

v6.26

v6.27

v6.28

v6.29

v6.30

v6.31

v6.32

v6.33

v6.34

v6.35

v6.36

v6.37

v6.38

v6.39

v6.40

v6.41

v6.42

v6.43

v6.44

v6.45

v6.46

v6.47

v6.48

v6.49

v6.50

v6.51

v6.52

v6.53

v6.54

v6.55

v6.56

v6.57

v6.58

v6.59

v6.60

v6.61

v6.62

v6.63

v6.64

v6.65

v6.67

v6.68

v6.69

v6.70

v6.71

v6.72

v6.73

v6.74

v6.75

v6.76

v6.77

v6.78

v6.79

v6.80

v6.81

v6.82

v6.83

v6.84

v6.85

v6.86

v6.87

v6.88

v6.89

v6.90

v6.91

v6.92

v6.93

v6.94

v6.95

v6.96

v6.97

v6.98

v6.99

v6.99.1

v6.99.2

v6.99.3

v6.99.4

v6.99.5

v6.99.6

v6.99.7

v6.99.8

v6.99.9

v7.*

v7.00

v7.01

v7.02

v7.03

v7.04

v7.05

v7.06

v7.07

v7.08

v7.09

v7.10

v7.11

v7.12

v7.14

v7.15

v7.16

v7.17

v7.18

v7.19

v7.20

v7.21

v7.22

v7.23

v7.24

v7.25

v7.26

v7.27

v7.28

v7.29

v7.30

v7.31

v7.32

v7.33

v7.34

v7.35

v7.36

v7.37

v7.38

v7.39

v7.40

v7.41

v7.42

v7.43

v7.44

v7.45

v7.46

v7.47

v7.48

v7.49

v7.50

v7.51

v7.52

v7.53

v7.54

v7.55

v7.56

v7.57

v7.58

v7.59

v7.60

v7.61

v7.62

v7.63

v7.64

v7.65

v7.67

v7.68

v7.69

v7.70

v7.71

v7.72

v7.73

v7.74

v7.75

v7.76

v7.77

v7.78

v7.79

v7.80

v7.81

v7.82

v7.83

v7.84

v7.85

v7.86

v7.87

v7.88

v7.89

v7.90

v7.91

v7.92

v7.93

v7.95

v7.96

v7.97

v7.98

v7.99

v8.*

v8.00

v8.01

v8.02

v8.03

v8.04

v8.05

v8.06

v8.07

v8.08

v8.09

v8.10

v8.11

v8.12

v8.14

v8.15

v8.16

v8.17

v8.18

v8.19

v8.20

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2207.json"