CVE-2026-41454

🗓️ 22 Apr 2026 21:08:38Reported by VulnCheckType

CVE-2026-41454 affects WeKan before eight point thirty five; missing authorization allows admin actions via integration endpoints.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-41454	22 Apr 202621:08	–	attackerkb
Circl	CVE-2026-41454	22 Apr 202623:00	–	circl
CNNVD	WeKan 安全漏洞	22 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-41454 WeKan < 8.35 Missing Authorization via Integration REST API	22 Apr 202621:08	–	cvelist
EUVD	EUVD-2026-25117	23 Apr 202600:31	–	euvd
NVD	CVE-2026-41454	22 Apr 202622:16	–	nvd
Positive Technologies	PT-2026-34568	22 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-41454	5 Jun 202619:20	–	redhatcve
Vulnrichment	CVE-2026-41454 WeKan < 8.35 Missing Authorization via Integration REST API	22 Apr 202621:08	–	vulnrichment

Vulners

Node

wekan wekanRange0–8.35.0

[
  {
    "vendor": "wekan",
    "product": "wekan",
    "repo": "https://github.com/wekan/wekan",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "8.35.0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "2cd702f48df2b8aef0e7381685f8e089986a18a4",
        "versionType": "git"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
github	www.github.com/wekan/wekan/commit/2cd702f48df2b8aef0e7381685f8e089986a18a4
vulncheck	www.vulncheck.com/advisories/wekan-missing-authorization-via-integration-rest-api
github	www.github.com/wekan/wekan/releases/tag/v8.35

17 Jun 2026 10:46Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.18.3

CVSS 48.7

EPSS0.00274

SSVC

CWE-862