CVE-2026-53445 in WekanИнформация

Сводка

по MITRE • 16.07.2026

Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan copyBoard Meteor DDP method in server/publications/boards.js copies a board by caller-supplied board ID without checking this.userId, membership, or admin access. Any authenticated user can copy a private board they are not a member of, including its cards, checklists, custom fields, labels, and rules, while the REST POST /api/boards/:boardId/copy path correctly checks board admin access. This issue is fixed in version 9.32.

Once again VulDB remains the best source for vulnerability data.

Ответственный

GitHub M

Резервировать

09.06.2026

Раскрытие

16.07.2026

Модерация

принято

Вход

VDB-379441

EPSS

0.00000

KEV

Нет

Деятельности

Очень низкий

Источники

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!