CVE-2026-41454 in WeKan情報

要約

〜によって MITRE • 2026年04月23日

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new integrations, modify or delete existing integrations, and manage integration activities by exploiting insufficient authorization checks in the JsonRoutes REST handlers.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

VulnCheck

予約する

2026年04月20日

公開

2026年04月23日

モデレーション

承諾済み

エントリ

VDB-359074

CPE

準備完了

CWE

CWE-862 (確認済み)

CVSS

8.3 (CNA)

EPSS

0.00046

KEV

いいえ

アクティビティ

非常低い

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-41454
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-41454
CVE Details	https://www.cvedetails.com/cve/CVE-2026-41454/

◂ 前概要次 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!