Ghostwire
Home / Vulnerabilities / CVE-2026-41454

CVE-2026-41454: WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows...

HIGH CVSS 7.5

Published: April 22, 2026 | Last Modified: April 22, 2026

Description

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new integrations, modify or delete existing integrations, and manage integration activities by exploiting insufficient authorization checks in the JsonRoutes REST handlers.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

Tenable CVEs
CVE-2026-41454
 CVE Feed
CVE-2026-41454 - WeKan < 8.35 Missing Authorization via Integration REST API

References