MeldSecurity
Press Enter to search
CVE Database & Search โ†’
Sign In Get Started

CVE-2026-1897

๐ŸŸก MEDIUM

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipu...

Published
Feb 05, 2026
Last Modified
Feb 05, 2026
Views
9
Bookmarks
0

Description

Request Expert Review

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to version 8.21 can resolve this issue. The patch is identified as 55576ec17722db094835470b386162c9a662fb60. It is advisable to upgrade the affected component.

CVSS Scores

CVSS 3.1 4.3
4.3
MEDIUM
CVSS 2.0 4.3

References

github.com github.com github.com vuldb.com vuldb.com vuldb.com

Additional Information

Source
cna@vuldb.com
State
Received

Related CVEs

CVE-2025-10314

HIGH

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attack...

Score: 8.8

CVE-2025-11730

HIGH

A postโ€‘authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V...

Score: 7.2

CVE-2026-1898

MEDIUM

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component L...

Score: 6.3

CVE-2026-1896

MEDIUM

A vulnerability has been found in WeKan up to 8.20. Affected by this vulnerability is the function ComprehensiveBoardMigration of the file server/migr...

Score: 6.3

CVE-2025-13192

HIGH

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic S...

Score: 8.2

CVE-2019-25288

HIGH

Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privi...

Score: 7.8

Share CVE-2026-1897

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2026-1897 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis