Primary

Context

WeKan Authorization Vulnerability in Card Move Logic Allowing Unauthorized Cross-Board Moves

Vulnerability

A vulnerability exists in WeKan versions prior to 8.19, allowing users to move cards between boards, lists, or swimlanes without proper authorization. The issue arises because the destination board and its components are not adequately validated, potentially leading to unauthorized moves across boards.

Impact

Exploitation of this vulnerability allows for unauthorized movement of cards between different boards, lists, or swimlanes, which could disrupt task management and project organization.

Remediation

Users can upgrade to WeKan version 8.19 or later to address this vulnerability.

Added: Feb 7, 2026, 10:21 PM

Updated: Feb 8, 2026, 12:22 AM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.9

remediation

0.0

relevance

2.9

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.9

remediation

0.0

relevance

2.9

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WeKan Authorization Vulnerability in Card Move Logic Allowing Unauthorized Cross-Board Moves

Vulnerability

Impact

Remediation

Affected Products

WeKan

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating