Home / Vulnerability Intelligence / CVE-2026-41454

CVE-2026-41454 - Vulnerability Analysis

HighCVSS: 8.3

Last Updated: April 22, 2026

WeKan - Broken Access Control

Published: April 22, 2026Updated: April 22, 2026Remote Exploitable

Overview

WeKan < 8.35 contains a broken access control vulnerability caused by missing authorization checks in Integration REST API endpoints, letting authenticated board members perform administrative actions without proper privileges.

Severity & Score

Severity: High

CVSS Score: 8.3

Impact

Authenticated board members can perform unauthorized administrative actions, including managing integrations and enumerating webhook URLs.

Mitigation

Update to version 8.35 or later.

References

https://github.com/wekan/wekan/commit/2cd702f48df2b8aef0e7381685f8e089986a18a4
https://github.com/wekan/wekan/releases/tag/v8.35
https://www.vulncheck.com/advisories/wekan-missing-authorization-via-integration-rest-api

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-41454
Severity: High
CVSS Score: 8.3
Type: broken_access_control
Status: new

CWE

CWE-862

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L