← Volver a CVEs
CVE-2026-41454
HIGH8.3
Descripcion
WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new integrations, modify or delete existing integrations, and manage integration activities by exploiting insufficient authorization checks in the JsonRoutes REST handlers.
Detalles CVE
Puntuacion CVSS v3.18.3
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado4/22/2026
Ultima modificacion4/22/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-862
Referencias
https://github.com/wekan/wekan/commit/2cd702f48df2b8aef0e7381685f8e089986a18a4(disclosure@vulncheck.com)
https://github.com/wekan/wekan/releases/tag/v8.35(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/wekan-missing-authorization-via-integration-rest-api(disclosure@vulncheck.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.