Home

Description

A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authorization. The attack can be launched remotely. Upgrading to version 8.19 is sufficient to fix this issue. The patch is identified as f244a43771f6ebf40218b83b9f46dba6b940d7de. It is suggested to upgrade the affected component.

PUBLISHED Reserved 2026-02-08 | Published 2026-02-08 | Updated 2026-02-23 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

Problem types

Improper Authorization

Incorrect Privilege Assignment

Timeline

2026-02-08:Advisory disclosed
2026-02-08:VulDB entry created
2026-02-12:VulDB entry last update

Credits

MegaManSec (VulDB User) reporter

References

vuldb.com/?id.344923 (VDB-344923 | WeKan Custom Translation translationBody.js setCreateTranslation improper authorization) vdb-entry technical-description

vuldb.com/?ctiid.344923 (VDB-344923 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.752269 (Submit #752269 | Wekan <8.20 IDOR in setCreateTranslation. Non-admin could change Custom Tran) third-party-advisory

github.com/...ommit/f244a43771f6ebf40218b83b9f46dba6b940d7de patch

github.com/wekan/wekan/releases/tag/v8.19 patch

github.com/wekan/wekan/ product

cve.org (CVE-2026-2209)

nvd.nist.gov (CVE-2026-2209)

Download JSON