These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-25859 is a high-severity vulnerability in Wekan versions prior to 8.20, allowing non-administrative users to access migration functionality due to insufficient permission checks. This could result in unauthorized migration operations. The vulnerability exists in the migration functionality of Wekan, potentially allowing non-administrative users to access and perform unauthorized migration operati [truncated]
CVE-2026-25568 is an authorization logic vulnerability in Wekan versions prior to 8.19. The instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time, allowing users to create public boards when it is enabled. This vulnerability has a CVSS score of 7.1 and is classified as HIGH severity. Affected users should review and adjust the allowPrivateOnly setting and moni [truncated]
CVE-2026-25567 is an insecure direct object reference (IDOR) vulnerability in the card comment creation API of Wekan versions prior to 8.19. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier. This vulnerability could potentially be used to manipulate the recorded authors of comments, which coul [truncated]
CVE-2026-25566 is a high-severity vulnerability in Wekan versions prior to 8.19, allowing unauthorized cross-board card moves due to inadequate authorization checks. Users can specify a destination board/list/swimlane without proper validation, potentially enabling unauthorized actions. This vulnerability affects Wekan's card move logic, where users can manipulate destination objects without adequate auth [truncated]
CVE-2026-25564 is an insecure direct object reference (IDOR) vulnerability in Wekan versions prior to 8.19. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers. This vulnerability has a CVSS score of 7.1 and is classified as HIGH severity. Users of Wekan versions prior to 8.19 should be aware of this vul [truncated]
CVE-2026-25563 is an insecure direct object reference (IDOR) vulnerability in Wekan checklist creation and related routes. The issue allows cross-board ID tampering by manipulating identifiers. Wekan versions prior to 8.19 are affected. This vulnerability has a High severity with a CVSS score of 7.1. Users of Wekan should apply the patch or upgrade to version 8.19 or later to prevent cross-board ID tampering attacks.
CVE-2026-25562 is an information disclosure vulnerability in Wekan versions prior to 8.19. The vulnerability occurs in the attachments publication, allowing for attachment metadata to be returned without proper scoping to boards and cards accessible to the requesting user. This could potentially expose attachment metadata to unauthorized users. The vulnerability has a CVSS score of 5.3 and a severity of M [truncated]