CyberRota
← Ana sayfaya dön

CVE-2026-59154

MEDIUM · CVSS 4.3 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-10T17:17:02.113 · Çekilme zamanı: 2026-07-10T18:28:19.499692+00:00

CyberRota Yorumu

Saldırganın giriş yapmış olması gerekebilir.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-59154
Severity
MEDIUM
CVSS
4.3
EPSS
Yok

Orijinal NVD Açıklaması

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination cardId or boardId in the update modifier, allowing a low-privileged authenticated user with write access to one board and knowledge of a target private card id to create checklist data on an accessible card and move it into a private board where they are not a member. This issue is fixed in version 9.64.