CVE-2026-52890 | Wekan up to 9.30 Attachments attachments.js getReadStream versions.original.path/versions.original.storage path traversal
A vulnerability labeled as critical has been found in Wekan up to 9.30. Affected by this issue is the function getReadStream of the file server/permissions/attachments.js of the component Attachments. Such manipulation of the argument versions.original.path/versions.original.storage leads to path traversal.
This vulnerability is traded as CVE-2026-52890. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More