Security Advisory

CVE-2026-25567

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-07 21:58:53

Last updated 2026-05-11 23:11:14

Assigner VulnCheck

State PUBLISHED

Description

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another users identifier.

← Browse all CVEs View on cve.org ↗