WeKan SSRF Vulnerability: Internal Network Exposure Risk
The National Vulnerability Database has published CVE-2026-41455, a server-side request forgery (SSRF) vulnerability in WeKan before version 8.35. The flaw is in the webhook integration URL handling: the server neither restricts the URL scheme nor validates the destination address before it connects. In practice, the server can be made to open connections to hosts of the attacker's choosing, including ones only the server can reach.
An attacker who can create or modify an integration sets its webhook URL to an internal address. WeKan then issues HTTP POST requests to that target on the attacker's behalf, carrying the full board event payload. The entry rates the severity high, with a CVSS score of 8.5. It also records that the same flaw allows arbitrary comment text to be overwritten without an authorization check.
This is a blind spot for defenders: the attacker uses a legitimate application feature to pivot into the internal network, so the traffic originates from a trusted host. An application like WeKan, usually treated as an internal collaboration tool, becomes an HTTP proxy for whoever holds an account that can manage integrations. Missing validation on webhook URLs turns a feature into a reconnaissance and exploitation vector.
What This Means For You
- If your organization runs WeKan, check the version now and upgrade to 8.35 or later to fix CVE-2026-41455. Beyond patching, audit the existing webhook integrations for URLs that point at internal IP addresses, loopback or link-local ranges, hostnames such as localhost, or any scheme other than http and https. Review which accounts can create or modify integrations, since that privilege is all the attacker needs. As a defence in depth, restrict outbound connections from the WeKan host to the webhook endpoints it legitimately needs, so a malicious integration cannot reach internal services even if validation is bypassed.
Detection Rules
WeKan SSRF - Unrestricted Webhook URL Schema - CVE-2026-41455
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-41455 | SSRF | Wekan before 8.35 |
| CVE-2026-41455 | SSRF | webhook integration URL handling |
| CVE-2026-41455 | Auth Bypass | overwrite arbitrary comment text without authorization checks |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 23, 2026 at 01:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.