Lucene search
K

4 matches found

NVD
NVD
added 2026/03/06 8:16 p.m.5 views

CVE-2026-30843

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Reference IDOR issue which could allow unauthorized users to modify custom fields across boards through its custom fields update endpoints, potentially leading to unauthorized data...

9.3CVSS0.00218EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/06 7:30 p.m.2 views

CVE-2026-30843 Wekan has Cross-Board IDOR in Custom Fields Update Endpoints

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Reference IDOR issue which could allow unauthorized users to modify custom fields across boards through its custom fields update endpoints, potentially leading to unauthorized data...

9.3CVSS5.8AI score0.00218EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/06 7:30 p.m.5 views

CVE-2026-30843

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Reference IDOR issue which could allow unauthorized users to modify custom fields across boards through its custom fields update endpoints, potentially leading to unauthorized data...

9.3CVSS5.8AI score0.00218EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/06 7:30 p.m.12 views

CVE-2026-30843

Wekan versions 8.32 and 8.33 contain a critical Insecure Direct Object Reference (IDOR) in custom fields update endpoints, allowing cross-board modification of custom fields. The PUT /api/boards/:boardId/custom-fields/:customFieldId endpoint validates board access but uses the field’s _id as a fi...

9.3CVSS5.8AI score0.00218EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder