Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-55234— Wekan: Broken access control: any authenticated user can move their Cards/Lists/Swimlanes into a private board they are not a member of (cross-board write via collection allow rule)

CVSS 8.5 · High EPSS 0.24% · P15

Affected Version Matrix 1

VendorProductVersion RangeStatus
wekanwekan< 9.37affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-55234

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Wekan: Broken access control: any authenticated user can move their Cards/Lists/Swimlanes into a private board they are not a member of (cross-board write via collection allow rule)
Source: NVD (National Vulnerability Database)
Vulnerability Description
Wekan is open source kanban built with Meteor. Prior to 9.37, Wekan DDP update allow rules in server/permissions/cards.js, server/permissions/lists.js, and server/permissions/swimlanes.js authorize against the stored source boardId and do not validate a new boardId in the update modifier. Any authenticated user with write access to their own board can call /cards/update, /lists/update, or /swimlanes/update to move cards, lists, or swimlanes into a private board they are not a member of. This issue is fixed in version 9.37.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Wekan 权限许可和访问控制问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WeKan wekan是WeKan团队的协同项目管理平台。 Wekan 9.37之前版本存在安全漏洞,该漏洞源于DDP更新规则在server/permissions/cards.js、server/permissions/lists.js和server/permissions/swimlanes.js中针对存储的源boardId进行授权,未验证更新修饰符中的新boardId,导致任何具有自己board写权限的认证用户可以通过调用/cards/update、/lists/update或/swimlanes/
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
wekanwekan < 9.37 -

II. Public POCs for CVE-2026-55234

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium
Qwen3.6-35B-A3B · 6020 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month

III. Intelligence Information for CVE-2026-55234

登录查看更多情报信息。

Patches & Fixes for CVE-2026-55234 (1)

Vendor Advisories for CVE-2026-55234 (1)

Vendor Pages for CVE-2026-55234 (1)

Same Patch Batch · wekan · 2026-07-15 · 10 CVEs total

CVE-2026-528919.9 CRITICALWekan: Shell Injection via Avatar Upload
CVE-2026-556529.8 CRITICALWekan: Header-login IP allowlist bypass via X-Forwarded-For spoofing in Wekan allows unaut
CVE-2026-528907.1 HIGHWekan: Arbitrary file read and server DoS via attachment versions.original.path
CVE-2026-534476.5 MEDIUMWekan: `cloneBoard` Meteor method has no authorization check — any user can clone (read) a
CVE-2026-528926.5 MEDIUMWekan: Read-only board members can create/modify/delete Custom Fields (privilege escalatio
CVE-2026-53444Wekan: Missing authorization on OIDC Meteor methods allows privilege escalation to admin
CVE-2026-53445Wekan: Authorization bypass in copyBoard DDP method allows any user to copy private boards
CVE-2026-53446Wekan: Server-Side Request Forgery (SSRF) via webhook integration URLs
CVE-2026-52893Wekan: OIDC Account Takeover via Unconditional Email-Based Account Merge in onCreateUser h

IV. Related Vulnerabilities

V. Comments for CVE-2026-55234

No comments yet


Leave a comment