CVE-2026-2208
MEDIUM WAF: Low
CVSS 6.5
Published: 2026-02-08
CWE-862 CWE-863 CWE-862
A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely. Upgrading to version 8.21 is recommended to address this issue. The identifier of the patch is a787bcddf33ca28afb13ff5ea9a4cb92dceac005. The affected component should be upgraded.
WAF Coverage Analysis
Missing Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Missing Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| wekan_project | wekan | up to 8.21 |
References
- github.com (Product)
- github.com (Patch)
- github.com (Product, Release Notes)
- vuldb.com (Permissions Required, VDB Entry)
- vuldb.com (Third Party Advisory, VDB Entry)
- vuldb.com (Third Party Advisory, VDB Entry)