PT-2026-60318
Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.32 Description REST handlers in server/models/customFields.js use read-level Authentication.checkBoardAccess instead of write-level Authentication.checkBoardWriteAccess for mutating custom-field routes. This allows a...