SSRF in Wekan

CVE-2026-53446

Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan webhook integration URLs in models/integrations.js are stored from user input and later fetched by server/notifications/outgoing.js without applying the existing validateA…

Vulnerability class: SSRF (Server-Side Request Forgery)

Affected products

  • Wekan — versions < 9.32

Weakness classification (CWE)

References