Wekan API Flaw Grants Board Members Admin Powers
The National Vulnerability Database has detailed CVE-2026-41454, a high-severity (CVSS 8.3) missing authorization vulnerability impacting Wekan versions prior to 8.35. This flaw resides within the Integration REST API endpoints, allowing authenticated board members to escalate privileges and perform administrative actions without proper verification. This isn’t a simple oversight; it’s a fundamental breakdown in access control.
Attackers can leverage this vulnerability to enumerate integrations, including sensitive webhook URLs. More critically, they can create new integrations, modify or delete existing ones, and manage integration activities. This level of control, stemming from insufficient authorization checks in the JsonRoutes REST handlers, means a standard board member can effectively hijack critical system functions that should be reserved for administrators. It’s a direct path to broader system compromise and data exfiltration.
For defenders, this is a clear call to action. Any Wekan deployment running versions older than 8.35 is exposed. The attacker’s calculus here is straightforward: gain a foothold as a regular user, then exploit this flaw to gain admin-level control. This bypasses much of the typical privilege escalation detection and makes lateral movement significantly easier for an adversary.
What This Means For You
- If your organization uses Wekan, you need to immediately verify your version. If it's earlier than 8.35, you are exposed to a critical privilege escalation. Patch to the latest version without delay. Additionally, audit your Wekan integration logs for any unauthorized creation, modification, or deletion of integrations, especially those involving webhook URLs, as these could be used for data exfiltration or command and control.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-41454 - WeKan Integration API Admin Actions
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-41454 | Auth Bypass | Wekan before 8.35 |
| CVE-2026-41454 | Auth Bypass | Missing authorization in Integration REST API endpoints |
| CVE-2026-41454 | Auth Bypass | Insufficient authorization checks in JsonRoutes REST handlers |
| CVE-2026-41454 | Information Disclosure | Enumerate integrations including webhook URLs via Integration REST API |
| CVE-2026-41454 | Privilege Escalation | Perform administrative actions (create, modify, delete integrations) via Integration REST API |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 23, 2026 at 01:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related Posts
CVE-2026-6878 — ByteDance Verl Vulnerability
CVE-2026-6878 — A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to...
CVE-2026-6874 — A vulnerability was determined in ericc-ch copilot-api up
CVE-2026-6874 — A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header...
IBM Storage Console Flaw: Unauthenticated RCE Risk
CVE-2026-5935 — IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands...