A vulnerability has been found in Wekan up to 9.45 and classified as critical. Affected by this vulnerability is the function
getRequestIp of the file server/lib/headerLoginAuth.js of the component Header-Login. The manipulation of the argument HEADER_LOGIN_ID leads to improper authentication.
This vulnerability is referenced as CVE-2026-55652. Remote exploitation of the attack is possible. No exploit is available.