6.9
CVE-2026-2207
- EPSS 0.34%
- Veröffentlicht 08.02.2026 01:09:38
- Zuletzt bearbeitet 11.02.2026 18:58:37
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginWeKan Activity Publication activities.js LinkedBoardActivitiesBleed information disclosure
A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is possible to launch the attack remotely. Upgrading to version 8.21 is capable of addressing this issue. This patch is called 91a936e07d2976d4246dfe834281c3aaa87f9503. You should upgrade the affected component.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wekan Project ≫ Wekan Version < 8.21
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.259 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| cna@vuldb.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://github.com/wekan/wekan/
https://github.com/wekan/wekan/releases/tag/v8.21
https://vuldb.com/?id.344921
https://vuldb.com/?ctiid.344921
https://vuldb.com/?submit.752163
https://github.com/wekan/wekan/commit/91a936e07d2976d4246dfe834281c3aaa87f9503