{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-25567","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2026-02-02T20:12:33.397Z","datePublished":"2026-02-07T21:58:53.680Z","dateUpdated":"2026-03-05T01:30:51.295Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"WeKan","repo":"https://github.com/wekan/wekan","vendor":"WeKan","versions":[{"lessThan":"8.19","status":"affected","version":"0","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wekan_project:wekan:*:*:*:*:*:*:*:*","versionEndExcluding":"8.20"}]}]}],"credits":[{"lang":"en","type":"finder","value":"Joshua Rogers"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier."}],"value":"WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":5.3,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-639","description":"CWE-639 Authorization Bypass Through User-Controlled Key","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-03-05T01:30:51.295Z"},"references":[{"tags":["patch"],"url":"https://github.com/wekan/wekan/commit/67cb47173c1a152d9eaf5469740992b2dacdf62d"},{"tags":["product"],"url":"https://wekan.fi/"},{"tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/wekan-card-comment-author-spoofing-via-user-controlled-authorid"}],"source":{"discovery":"UNKNOWN"},"title":"WeKan < 8.19 Card Comment Author Spoofing via User-controlled authorId","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-10T16:09:10.306935Z","id":"CVE-2026-25567","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-10T16:09:27.734Z"}}]}}