Wekan Project Security Vulnerabilities (CVEs)
Track 16 security vulnerabilities affecting Wekan Project products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability in WeKan allows remote attackers to access sensitive information through the Meteor Publication Handler in the cards.js component. ...
Feb 8, 2026

This vulnerability in WeKan allows improper access controls through the Administrative Repair Handler component. Attackers can remotely exploit this f...
Feb 8, 2026

This vulnerability in WeKan versions up to 8.20 allows remote attackers to access sensitive information through the Activity Publication Handler compo...
Feb 8, 2026

This CVE describes a missing authorization vulnerability in WeKan's Rules Handler component that allows unauthorized access to functionality. Attacker...
Feb 8, 2026

This vulnerability in WeKan allows remote attackers to bypass authorization controls in the custom translation handler. Attackers can manipulate trans...
Feb 8, 2026

This CVE describes an authorization vulnerability in WeKan's card movement functionality. Users can move cards to boards, lists, or swimlanes without ...
Feb 7, 2026

This vulnerability in WeKan allows improper access controls through the REST endpoint, potentially enabling unauthorized access to board data. It affe...
Feb 5, 2026

This CVE describes an improper access control vulnerability in WeKan's attachment storage component. Attackers can remotely exploit this to access or ...
Feb 5, 2026

This vulnerability in WeKan's attachment migration component allows attackers to bypass access controls and potentially access or manipulate attachmen...
Feb 5, 2026

This vulnerability in WeKan allows attackers to bypass authorization checks in the REST API by manipulating card/board ID parameters. Remote attackers...
Feb 4, 2026

CVE-2026-1895 is an improper access control vulnerability in WeKan's attachment storage handler that allows remote attackers to bypass intended restri...
Feb 4, 2026

This vulnerability allows attackers to upload malicious attachments that are served with HTML content types, enabling cross-site scripting (XSS) attac...
Dec 15, 2025

CVE-2025-65779 is an improper access control vulnerability in Wekan that allows unauthenticated attackers to modify the sort order of boards. This aff...
Dec 15, 2025

Authenticated users in Wekan versions up to 18.15 can modify their entire user document, including organization/team memberships and account status fi...
Dec 15, 2025

This vulnerability in Wekan allows attackers to cause application-layer denial of service (DoS) by sending any non-empty Authorization bearer token to...
Dec 15, 2025

An authorization flaw in Wekan's card update handling allows authenticated board members to manipulate vote arrays by adding/removing arbitrary user I...
Dec 15, 2025

Why Monitor Wekan Project Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 16+ known vulnerabilities affecting Wekan Project products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Wekan Project packages in under 60 seconds. No agents required - completely agentless scanning that works across Wekan Project deployments.
Free vulnerability database: Access detailed information about every Wekan Project CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.