CVE-2026-1895— WeKan Attachment Storage lists.js applyWipLimit ListWIPBleed access control

CVSS 6.3 · Medium EPSS 0.02% · P6 Updated Feb 23, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-1895

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

WeKan Attachment Storage lists.js applyWipLimit ListWIPBleed access control

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to address this issue. This patch is called 8c0b4f79d8582932528ec2fdf2a4487c86770fb9. It is recommended to upgrade the affected component.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

访问控制不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

WeKan 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WeKan是WeKan开源的一个看板应用程序。 WeKan 8.20及之前版本存在访问控制错误漏洞，该漏洞源于对文件models/lists.js中函数的操作导致访问控制不当。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	WeKan	8.0	-

II. Public POCs for CVE-2026-1895

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-1895

请登录查看更多情报信息。

Submit #742666: Wekan <8.21 Improper access control (CWE-284)third-party-advisory
CVE-2026-1895 WeKan Attachment Storage lists.js applyWipLimit ListWIPBleed access controlvdb-entrytechnical-description
https://nvd.nist.gov/vuln/detail/CVE-2026-1895

Same Patch Batch · n/a · 2026-02-04 · 12 CVEs total

CVE-2025-15555	7.3 HIGH	Open5GS VoLTE Cx-Test hss-cx-path.c hss_ogs_diam_cx_mar_cb stack-based overflow
CVE-2026-1896	6.3 MEDIUM	WeKan Migration Operation comprehensiveBoardMigration.js ComprehensiveBoardMigration Migra
CVE-2026-1894	6.3 MEDIUM	WeKan REST API checklistItems.js Checklist REST Bleed improper authorization
CVE-2026-1892	5.0 MEDIUM	WeKan REST API boards.js setBoardOrgs improper authorization
CVE-2026-1884	4.7 MEDIUM	ZenTao Webhook model.php fetchHook server-side request forgery
CVE-2025-69620		nTools Office Reader - PDF,Word,Excel 安全漏洞
CVE-2025-69621		Android Tools Comic Book Reader 安全漏洞
CVE-2025-69618		coto Tarot, Astro & Healing 安全漏洞
CVE-2025-70997		ELADMIN 安全漏洞
CVE-2025-70545		PPC 2K05X 安全漏洞
CVE-2025-71031		Melon 安全漏洞

IV. Related Vulnerabilities

Same product: WeKan

Same vendor: n/a

Same weakness: CWE-284

V. Comments for CVE-2026-1895

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-1895— WeKan Attachment Storage lists.js applyWipLimit ListWIPBleed access control

I. Basic Information for CVE-2026-1895

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-1895

III. Intelligence Information for CVE-2026-1895

Same Patch Batch · n/a · 2026-02-04 · 12 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-1895

Leave a comment