WeKan
cpe:2.3:a:wekan_project:wekan:*:*:*:*:*:*:*
- < 8.19
A vulnerability allowing LDAP filter injection has been identified in WeKan versions prior to 8.19. This issue arises in the LDAP authentication process, where user-supplied usernames are integrated into LDAP search filters and distinguished name (DN) values without proper escaping. As a result, an attacker could manipulate LDAP queries during the authentication process.
An attacker who exploits this vulnerability can interfere with the LDAP queries issued during authentication. This could potentially be used to bypass authentication or access unauthorized information.
Users can upgrade to WeKan version 8.19 or later to address this vulnerability.
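The escaping that the description says was missing can be sketched as follows. This is an added example, not WeKan's code or its 8.19 fix: the function names, the `uid` attribute and the base DN are assumptions, and the escaping rules follow RFC 4515 (search filters) and RFC 4514 (distinguished names).

```javascript
// Added illustration: escape a user-supplied username before it is placed in
// an LDAP search filter or a DN. All names here are hypothetical.

// RFC 4515: inside a filter assertion value, NUL ( ) * and \ must be
// written as a backslash followed by two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\0()*\\]/g,
    (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// RFC 4514: inside an RDN value, escape " + , ; < > \ anywhere, NUL as \00,
// '#' or space at the start, and space at the end. Done in a single pass so
// that backslashes added by one rule are never re-escaped by another.
function escapeDnValue(value) {
  const s = String(value);
  return s.replace(/["+,;<>\\\0# ]/g, (c, i) => {
    if (c === '\0') return '\\00';
    if (c === '#') return i === 0 ? '\\#' : c;
    if (c === ' ') return (i === 0 || i === s.length - 1) ? '\\ ' : c;
    return '\\' + c;
  });
}

// The username stays a single assertion value; it cannot add filter terms.
function buildUserFilter(username) {
  return `(uid=${escapeFilterValue(username)})`;
}

// The username stays a single RDN value; it cannot add or split RDNs.
function buildUserDn(username, baseDn) {
  return `uid=${escapeDnValue(username)},${baseDn}`;
}

// Constructed sample inputs containing filter and DN metacharacters.
const sampleFilterInput = 'j*doe (ops)\\x';
const sampleDnInput = ' Doe, Jane+x ';
console.log(buildUserFilter(sampleFilterInput));
console.log(buildUserDn(sampleDnInput, 'ou=people,dc=example,dc=org'));
```

The two contexts need different escaping, so a value escaped for a filter must not be reused in a DN or the reverse.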