CVE-2026-52891 | Wekan up to 8.35 Avatar Upload models/avatars.js exec filename os command injection
A vulnerability described as critical has been identified in Wekan up to 8.35. Affected by this issue is the function exec of the file models/avatars.js of the component Avatar Upload. Executing a manipulation of the argument filename can lead to os command injection.
This vulnerability appears as CVE-2026-52891. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More