A vulnerability identified as critical has been detected in Wekan up to 9.31. This vulnerability affects the function GroupRoutineOnLogin of the file packages/wekan-oidc/oidc_server.js of the component OIDC Server. Performing a manipulation results in improper authorization.

This vulnerability is reported as CVE-2026-53444. The attack is possible to be carried out remotely. No exploit exists.