CVE-2026-1895 | WeKan up to 8.20 Attachment Storage models/lists.js applyWipLimit ListWIPBleed access control

Inserito da Angelo Barbosa | Feb 4, 2026 | CVE

A vulnerability was found in WeKan up to 8.20. It has been declared as critical. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls.

This vulnerability is handled as CVE-2026-1895. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.

CVE-2026-1895 | WeKan up to 8.20 Attachment Storage models/lists.js applyWipLimit ListWIPBleed access control

Post correlati

CVE-2025-68145 | modelcontextprotocol servers up to 2025.12.16 repo_path path traversal

CVE-2025-9253 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_doSpecifySiteSurvey ssidhex stack-based overflow

CVE-2024-10689 | webangon XLTab Plugin up to 1.4 on WordPress Shortcode XLTAB_INSERT_TPL authorization

CVE-2024-3723 | Advanced Contact Form 7 DB Plugin up to 2.0.2 on WordPress information disclosure