MEDIUM
wekan
CVE published 2026-04-22
CVE-2026-41455
CVE-2026-41455 documents a server-side request forgery (SSRF) vulnerability in WeKan versions prior to 8.35, published by NVD on 2026-04-22 and last modified on 2026-05-26. The flaw resides in webhook integration URL handling, where the URL scheme field accepts arbitrary strings without protocol restriction or destination validation. Attackers with permissions to create or modify integrations can configur [truncated]