Is Wekan affected by CVE-2026-25859?

Wekan versions before 8.20 contain a critical access control flaw allowing regular users to perform administrative migration operations they should not have permission to execute.

CVE-2026-25859

HIGH

2026-02-07 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

Patch Released

Feb 10, 2026 - 21:54 nvd

Patch available

CVE Published

Feb 07, 2026 - 22:16 nvd

HIGH 8.8

Description

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations.

Analysis

Wekan before version 8.20 fails to properly validate user permissions on migration functions, allowing authenticated non-admin users to execute unauthorized migration operations. This vulnerability affects any Wekan deployment and could be exploited by low-privileged users to compromise data integrity or availability. …

Remediation

Within 24 hours: Identify all Wekan instances in your environment and verify current versions. Within 7 days: Upgrade all Wekan deployments to version 8.20 or later and validate migration functionality is restricted to administrators only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +44

POC: 0

CVE-2026-25859 vulnerability details – vuln.today

Back

CVE-2026-25859

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-25859

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code