CVE-2026-25859 Wekan — Exploit & Vulnerability Details HIGH

CVE-2026-25859

HIGH CVSS 4.0: 7.1 EPSS 0.02%

Parameter	Value
CVSS	7.1 (HIGH)
Affected Versions	before 8.20
Type	CWE-863 (Incorrect Authorization)
Vendor	Wekan
Public PoC	No

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

High

Complete data modification

Availability

Low

Partial disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-863 Incorrect Authorization

References 3

https://github.com/wekan/wekan/commit/cbb1cd78de3e40264a5e047ace0ce27f8635b4e6

disclosure@vulncheck.com

https://wekan.fi/

disclosure@vulncheck.com

https://www.vulncheck.com/advisories/wekan-migration-functionality-insufficient…

disclosure@vulncheck.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-30847

Wekan

9.3

CVE-2026-30846

Wekan

8.7

CVE-2026-30845

Wekan

6.9

CVE-2026-30844

Wekan

9.3

CVE-2026-30843

Wekan

9.3

Menu

CVE-2026-25859

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 3

Related Vulnerabilities

CVE-2026-30847

CVE-2026-30846

CVE-2026-30845

CVE-2026-30844

CVE-2026-30843

CVE Details

Editor's Choice

Menu

CVE-2026-25859

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 3

Related Vulnerabilities

CVE-2026-30847

CVE-2026-30846

CVE-2026-30845

CVE-2026-30844

CVE-2026-30843

CVE Details

Editor's Choice

Stay informed on cybersecurity