2 matches found
CVE-2026-25560
WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication...
CVE-2026-25561 WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass
WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...