CVE-2026-59154: Wekan Authorization Bypass Vulnerability Disclosed

CVE-2026-59154: Wekan Authorization Bypass Vulnerability Disclosed

First seen 11 Jul 2026, 12:09 UTC Feedlynvd.nist.govwww.incibe.escve.akaoma.comcvefeed.io+1 92% similarity 57.1

Article Content

Browse articles
ThreatCluster

A critical vulnerability, CVE-2026-59154, was published on July 10, 2026, affecting Wekan, an open-source kanban tool built with Meteor. The flaw allows low-privileged authenticated users with write access to one board to bypass authorization checks, enabling them to create checklist data on accessible cards and move it into private boards where they are not members. This vulnerability is due to the lack of inspection of destination cardId or boardId in update modifiers. It has been assigned a CVSS base score of 4.3, indicating medium risk. The issue has been resolved in version 9.64 of Wekan. Security professionals are advised to update to the latest version to mitigate this risk.

Key Points: • CVE-2026-59154 allows unauthorized access to private boards in Wekan. • The vulnerability affects versions prior to 9.64 and has a CVSS score of 4.3. • Users are urged to upgrade to version 9.64 to address this security issue.

ThreatCluster AI

Timeline

2026-07-10
CVE-2026-59154 published
CVE-2026-59154 was disclosed, revealing an authorization bypass in Wekan affecting versions prior to 9.64.
cvefeed.io
2026-07-11
Wekan vulnerability reported by NVD
The National Vulnerability Database confirmed the details of CVE-2026-59154, highlighting its impact and fix.
nvd.nist.gov
2026-07-11
Exploitation details published
Feedly reported on the exploitability of CVE-2026-59154, assigning it a medium risk level.
Feedly
2026-07-11
INCIBE-CERT assessment released
INCIBE-CERT assessed the vulnerability, providing a CVSS score of 3.1 and detailing its access vector and impact.
www.incibe.es
2026-07-11
AKAOMA CVE report published
AKAOMA reported on CVE-2026-59154, reiterating its risk level and potential for exploitation.
cve.akaoma.com

Community

Browse all →