CVE-2026-1894 | WeKan up to 8.20 REST API models/checklistItems.js item.cardId/item.checklistId/card.boardId Checklist REST Bleed improper authorization

Inserito da Angelo Barbosa | Feb 4, 2026 | CVE

A vulnerability was found in WeKan up to 8.20. It has been classified as critical. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization.

This vulnerability is known as CVE-2026-1894. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-1894 | WeKan up to 8.20 REST API models/checklistItems.js item.cardId/item.checklistId/card.boardId Checklist REST Bleed improper authorization

Post correlati

CVE-2024-22337 | IBM QRadar Suite Software/Cloud Pak for Security log file (XFDB-279977)

CVE-2024-50647 | geeeeeeeek python_food 1.0 info ID information disclosure

CVE-2024-31273 | JS Help Desk Plugin up to 2.8.3 on WordPress authorization

CVE-2021-47006 | Linux Kernel up to 5.12.4 ARM overflow_handler Privilege Escalation