2025-12-15 00:00:00
mitre
PUBLISHED
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a boards "sort" value (Boards.allow returns true without verifying userId), allowing arbitrary reordering of boards.