{"id":76599,"date":"2026-02-08T01:46:02","date_gmt":"2026-02-07T22:16:02","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-25568-wekan-8-19-allowprivateonly-setting-enforcement-bypass\/"},"modified":"2026-02-08T01:46:02","modified_gmt":"2026-02-07T22:16:02","slug":"cve-2026-25568-wekan-8-19-allowprivateonly-setting-enforcement-bypass","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-25568-wekan-8-19-allowprivateonly-setting-enforcement-bypass\/","title":{"rendered":"CVE-2026-25568 &#8211; WeKan &lt; 8.19 allowPrivateOnly Setting Enforcement Bypass"},"content":{"rendered":"<p>CVE ID : CVE-2026-25568<\/p>\n<p>Published :  Feb. 7, 2026, 10:16 p.m. | 1\u00a0hour, 3\u00a0minutes ago<\/p>\n<p>Description : WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement.<\/p>\n<p>Severity: 7.1 | HIGH<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2026-25568 Published : Feb. 7, 2026, 10:16 p.m. | 1\u00a0hour, 3\u00a0minutes ago Description : WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-76599","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/76599","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=76599"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/76599\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=76599"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=76599"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=76599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}