CVE-2026-53446 in Wekaninformación

Resumen

por MITRE • 2026-07-16

Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan webhook integration URLs in models/integrations.js are stored from user input and later fetched by server/notifications/outgoing.js without applying the existing validateAttachmentUrl() private-network checks from models/lib/attachmentUrlValidation.js. A board administrator can configure webhook URLs that cause server-side requests to internal or metadata services. This issue is fixed in version 9.32.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsable

GitHub M

Reservar

2026-06-09

Divulgación

2026-07-16

Moderación

aceptado

Artículo

VDB-379442

CPE

listo

EPSS

0.00000

KEV

no

Actividades

muy bajo

Fuentes

Might our Artificial Intelligence support you?

Check our Alexa App!