CVE-2026-1898 | WeKan up to 8.20 LDAP User Sync syncUser.js SyncLDAPBleed access control

Inserito da Angelo Barbosa | Feb 4, 2026 | CVE

A vulnerability identified as critical has been detected in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls.

The identification of this vulnerability is CVE-2026-1898. It is possible to initiate the attack remotely. There is no exploit available.

You should upgrade the affected component.

CVE-2026-1898 | WeKan up to 8.20 LDAP User Sync syncUser.js SyncLDAPBleed access control

Post correlati

CVE-2023-1577 | Lenovo Driver Manager prior 3.1.1307.1308 input validation

CVE-2024-20383 | Cisco Secure Email/Web Manager cross site scripting (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)

CVE-2025-22342 | Jens Törnell WP Simple Sitemap Plugin up to 0.2 on WordPress cross-site request forgery

CVE-2024-13091 | WPBot Pro Chatbot Plugin up to 13.5.4 on WordPress unrestricted upload