CVE-2026-25562

WeKan < 8.19 Attachments Publication Information Disclosure

Description

WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing attachment metadata to unauthorized users.

INFO

Published Date :

2026-02-07T21:57:12.352Z

Last Modified :

2026-03-05T01:30:47.450Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2026-25562 vulnerability.

Vendors	Products
Wekan Project	Wekan

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25562.

URL	Resource
https://github.com/wekan/wekan/commit/6dfa3beb2b6ab23438d0f4395b84bf0749eb4820
https://wekan.fi/
https://www.vulncheck.com/advisories/wekan-attachments-publication-information-disclosure

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact