WeKan Missing Authorization Vulnerability in Integration REST API

Vulnerability

A missing authorization vulnerability has been identified in WeKan versions prior to 8.35, specifically within the Integration REST API endpoints. This vulnerability allows authenticated board members to execute administrative actions without appropriate privilege verification. By taking advantage of the inadequate authorization checks in the JsonRoutes REST handlers, attackers can enumerate integrations, including webhook URLs, create new integrations, modify or delete existing ones, and manage integration activities.

Impact

Exploitation of this vulnerability could lead to unauthorized administrative actions being performed via the Integration REST API, potentially allowing for manipulation of integrations and their associated activities.

Remediation

Users can upgrade to WeKan version 8.35 or later to address this vulnerability.
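The class of flaw described above, shown as an added example that is not WeKan's code or its actual fix: integration handlers guarded only by board membership, next to the same handlers guarded by a board-admin check. The data model, function names and webhook URL are hypothetical and constructed for illustration.

```javascript
// Hypothetical in-memory model; names are illustrative, not WeKan's code.
const board = {
  id: 'b1',
  members: [
    { userId: 'alice', isAdmin: true },
    { userId: 'bob', isAdmin: false }, // ordinary board member
  ],
  // Constructed sample webhook URL.
  integrations: [{ id: 'i1', url: 'https://hooks.example.invalid/constructed' }],
};

const memberOf = (b, userId) => b.members.find((m) => m.userId === userId);

// Weak check: any authenticated board member passes.
function requireMember(b, userId) {
  return memberOf(b, userId) ? null : { status: 403, body: 'not a board member' };
}

// Corrected check: the caller must be a board admin.
function requireBoardAdmin(b, userId) {
  const m = memberOf(b, userId);
  return m && m.isAdmin ? null : { status: 403, body: 'board admin required' };
}

// Build every integration handler around one authorization guard so that
// list, create and remove cannot drift apart in what they enforce.
function makeIntegrationApi(guard) {
  const guarded = (action) => (b, userId, arg) => {
    if (!userId) return { status: 401, body: 'authentication required' };
    return guard(b, userId) || action(b, arg);
  };
  return {
    list: guarded((b) => ({ status: 200, body: b.integrations.map((i) => ({ ...i })) })),
    create: guarded((b, url) => {
      const created = { id: `i${b.integrations.length + 1}`, url };
      b.integrations.push(created);
      return { status: 201, body: created };
    }),
    remove: guarded((b, id) => {
      b.integrations = b.integrations.filter((i) => i.id !== id);
      return { status: 204, body: null };
    }),
  };
}

const weakApi = makeIntegrationApi(requireMember);     // membership only
const fixedApi = makeIntegrationApi(requireBoardAdmin); // admin required
```

With the membership-only guard, the non-admin member receives the integration list, including the webhook URL; with the admin guard the same call returns 403 and the board state is unchanged.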

Added: Apr 22, 2026, 10:19 PM
Updated: Apr 22, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 3.1
exploitability: 5.9
remediation: 7.7
relevance: 6.5
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.