Primary

Context

WeKan Insecure Direct Object Reference Vulnerability in Checklist Creation

Vulnerability

Patched

A vulnerability allowing insecure direct object reference (IDOR) has been identified in WeKan versions prior to 8.19. This issue arises in the checklist creation process and related checklist routes, where the application fails to verify that the provided cardId is associated with the specified boardId. This lack of validation enables cross-board ID tampering by simply manipulating the identifiers.

Impact

Exploitation of this vulnerability allows for cross-board ID tampering, potentially leading to unauthorized access or modification of checklist data across different boards.

Remediation

Users can upgrade to WeKan version 8.19 or later to address this vulnerability.

Added: Feb 7, 2026, 10:22 PM

Updated: Feb 7, 2026, 10:22 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.5

remediation

7.7

relevance

2.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.5

remediation

7.7

relevance

2.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WeKan Insecure Direct Object Reference Vulnerability in Checklist Creation

Vulnerability

Impact

Remediation

Affected Products

WeKan

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating