CVE-2026-25565

WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should require write access...

CVE-2026-25565

WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should require write access...

CVE-2026-25565 WeKan < 8.19 Read-only Board Roles Can Update Cards

WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should require write access...

CVE-2026-25560 WeKan < 8.19 LDAP Authentication Filter Injection

WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication...

CVE-2026-25560 WeKan < 8.19 LDAP Authentication Filter Injection

WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication...

PT-2026-6928

Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.19 Description WeKan contains an authorization issue in certain card update API paths. These paths only validate read access to a board instead of requiring write permission. This allows users with read-only roles to...