CVE-2026-2206HIGH 8.8EPSS p14.7%

CVE-2026-2206CVE-2026-2206

Description

A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able to resolve this issue. The patch is named 4ce181d17249778094f73d21515f7f863f554743. It is advisable to upgrade the affected component.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.24% probability of exploitation · percentile 14.7% · 2026-06-19T12:03:05Z
Published2026-02-08
Last modified2026-02-11

Underlying weaknesses· 2

CWE-266CWE-284

References

  1. https://github.com/wekan/wekan/
  2. https://github.com/wekan/wekan/commit/4ce181d17249778094f73d21515f7f863f554743
  3. https://github.com/wekan/wekan/releases/tag/v8.21
  4. https://vuldb.com/?ctiid.344920
  5. https://vuldb.com/?id.344920
  6. https://vuldb.com/?submit.752162

2

TypeTargetConfidenceTier
WeaknessIncorrect Privilege Assignmentcwe-2660%live
WeaknessImproper Access Controlcwe-2840%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-1963
CVE
CVE-2026-1962
CVE
CVE-2026-41454
CVE
CVE-2025-65780
CVE
CVE-2026-41455
CVE
CVE-2026-2141
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.