CVE-2026-53446 in WekanИнформация

Сводка

по MITRE • 16.07.2026

Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan webhook integration URLs in models/integrations.js are stored from user input and later fetched by server/notifications/outgoing.js without applying the existing validateAttachmentUrl() private-network checks from models/lib/attachmentUrlValidation.js. A board administrator can configure webhook URLs that cause server-side requests to internal or metadata services. This issue is fixed in version 9.32.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Ответственный

GitHub M

Резервировать

09.06.2026

Раскрытие

16.07.2026

Модерация

принято

Вход

VDB-379442

EPSS

0.00000

KEV

Нет

Деятельности

Очень низкий

Источники

Do you want to use VulDB in your project?

Use the official API to access entries easily!