WeKan EUVD-2026-25118

CVE-2026-41455 (MEDIUM)
Server-Side Request Forgery (SSRF) (CWE-918)
2026-04-22 VulnCheck GHSA-qvhh-2f8h-hqgp
CVSS 4.0 base score: 6.3

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X (not defined)

Lifecycle Timeline

Analysis Generated: Apr 23, 2026 - 07:06 (vuln.today)
Severity Changed: Apr 22, 2026 - 22:22 (NVD): HIGH -> MEDIUM
CVSS changed: Apr 22, 2026 - 22:22 (NVD): 8.5 (HIGH) -> 6.3 (MEDIUM)

Description (NVD)

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network addresses, causing the server to issue HTTP POST requests to attacker-controlled internal targets with full board event payloads, and can additionally exploit response handling to overwrite arbitrary comment text without authorization checks.
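The two gaps the description names, no protocol restriction and no destination validation on the stored webhook URL, are what an allowlist-style validator closes. The following is an added example written for this page, not WeKan's own code; the function name `validateWebhookUrl` and the deny-list policy (loopback, RFC 1918, link-local, CGNAT, unique-local and IPv4-mapped IPv6 ranges) are assumptions, not the project's fix. It relies on the WHATWG `URL` parser, which normalises shorthand hosts such as `127.1` to dotted-decimal before the range check runs.

```javascript
// Added example (not WeKan's code): validate an outbound webhook URL
// before it is stored on an integration. Assumed function name.

const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// True for IPv4 octets in loopback, private, link-local, CGNAT,
// multicast or reserved ranges (assumed policy: deny all of them).
function isBlockedIPv4(octets) {
  const [a, b] = octets;
  return (
    a === 0 || a === 10 || a === 127 ||
    (a === 100 && b >= 64 && b <= 127) ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    a >= 224
  );
}

// Returns [a, b, c, d] for a dotted-decimal host, otherwise null.
function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// Handles the bracketed, normalised IPv6 form the URL parser emits.
function isBlockedIPv6(host) {
  const h = host.replace(/^\[|\]$/g, '').toLowerCase();
  if (h === '::1' || h === '::') return true;   // loopback, unspecified
  if (/^f[cd]/.test(h)) return true;             // fc00::/7 unique local
  if (/^fe[89ab]/.test(h)) return true;          // fe80::/10 link-local
  if (h.startsWith('::ffff:')) {                 // IPv4-mapped address
    const rest = h.slice(7);
    let octets;
    if (rest.includes('.')) {
      octets = parseIPv4(rest);
    } else {
      // Parser may render the mapped address as two hex groups.
      const [hi, lo] = rest.split(':').map((g) => parseInt(g, 16));
      if (Number.isNaN(hi) || Number.isNaN(lo)) return true;
      octets = [hi >> 8, hi & 255, lo >> 8, lo & 255];
    }
    return octets === null || isBlockedIPv4(octets);
  }
  return false;
}

// Returns { ok: true, url } for an acceptable destination, otherwise
// { ok: false, reason }. Only the stored URL is checked here.
function validateWebhookUrl(input) {
  let url;
  try {
    url = new URL(String(input));
  } catch (e) {
    return { ok: false, reason: 'unparseable URL' };
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    return { ok: false, reason: `protocol ${url.protocol} not allowed` };
  }
  const host = url.hostname;
  if (host === '' || host === 'localhost' || host.endsWith('.localhost')) {
    return { ok: false, reason: 'loopback hostname' };
  }
  if (host.startsWith('[')) {
    if (isBlockedIPv6(host)) return { ok: false, reason: 'non-public IPv6 address' };
  } else {
    const v4 = parseIPv4(host);
    if (v4 && isBlockedIPv4(v4)) return { ok: false, reason: 'non-public IPv4 address' };
  }
  return { ok: true, url: url.href };
}
```

A check on the stored string is only the first half of the mitigation: a public DNS name can resolve to an internal address, and can change between validation and use, so the same range check has to be applied to the addresses actually resolved when the POST is sent, and the response body should never be written back into board data (the comment-overwrite path in the description) without the same authorization checks as a direct edit.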

Analysis (AI)

Server-side request forgery in WeKan before 8.35 allows authenticated users to create or modify webhook integrations with arbitrary URLs, enabling the server to issue HTTP POST requests to internal network addresses and attacker-controlled targets. The vulnerability additionally permits unauthorized modification of comment text through response handling, affecting systems where users have integration management privileges. …


EUVD-2026-25118 vulnerability details – vuln.today
