Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
7.1

CVE-2026-25568: WeKan: Public boards can be created with private boards setting enabled

CVE-2026-25568
Summary

Prior to WeKan version 8.19, some users can create public boards even when the instance is set to only allow private boards. This can lead to unauthorized access to sensitive information. Update WeKan to version 8.19 or later to ensure proper board creation is enforced.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versions
wekan_project wekan < 8.19
cpe:2.3:a:wekan_project:wekan:*:*:*:*:*:*:*:*
Original title
WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPr...
Original description
WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement.
nvd CVSS3.1 4.3
nvd CVSS4.0 7.1
Vulnerability type
CWE-863 Incorrect Authorization
Published: 7 Feb 2026 · Updated: 15 Jun 2026 · First seen: 6 Mar 2026