WeKan Improper Access Control Vulnerability in Attachment Storage WIP Limit Function

Vulnerability

A vulnerability exists in WeKan versions prior to 8.21, specifically within the Attachment Storage Handler's WIP limit application function. The flaw is an improper access control issue that enables unauthorized operations on attachment storage workflows. The vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications or actions within the application's attachment storage management, potentially disrupting workflow processes that rely on these attachments.

Remediation

Users are advised to upgrade to WeKan version 8.21, which addresses this vulnerability. The upgrade is available on the WeKan GitHub Releases page.

Added: Feb 4, 2026, 11:40 PM
Updated: Feb 4, 2026, 11:40 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.6
exploitability: 7.3
remediation: 7.7
relevance: 2.5
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.