CVE-2026-55652
Wekan Header Login Vulnerability Allows Remote Account Takeover.
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Wekan, an open-source kanban application, has a vulnerability allowing unauthenticated attackers to impersonate users, including administrators, by manipulating specific headers. This could lead to unauthorized access and control of the application. Teams should confirm if Wekan is deployed and assess its exposure.