CVE-2026-1897 | WeKan up to 8.20 Position-History Tracking positionHistory.js PositionHistoryBleed authorization

Inserito da Angelo Barbosa | Feb 4, 2026 | CVE

A vulnerability categorized as problematic has been discovered in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization.

This vulnerability was named CVE-2026-1897. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.

CVE-2026-1897 | WeKan up to 8.20 Position-History Tracking positionHistory.js PositionHistoryBleed authorization

Post correlati

CVE-2024-37882 | Nextcloud Server up to 26.0.12/27.1.7/28.0.3 Share Recipient access control

CVE-2025-0899 | Tracker Software PDF-XChange Editor use after free

CVE-2021-4457 | ZoomSounds Plugin up to 6.04 on WordPress unrestricted upload

CVE-2023-6740 | Checkmk up to 2.0.0p38/2.1.0p36/2.2.0p16 jar_signature Agent Plugin uncontrolled search path