CVE-2026-25859

HIGH WAF: Low

CVSS 8.8 Published: 2026-02-07

CWE-863

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations.

WAF Coverage Analysis

Incorrect Authorization Low WAF Coverage

OWASP: A01:2021 Broken Access Control

Affected Software

Vendor	Product	Version
wekan_project	wekan	up to 8.20

References

github.com (Patch)
wekan.fi (Product)
www.vulncheck.com (Third Party Advisory)

Back to CVE Database