| CVE | Vulnerability name | Date | Responsible Security Disclosure by | Vulnerabilities |
|---|---|---|---|---|
| - | InputBleed | 2026-06-18 EET | GitHub CodeQL (code scanning alert #421); xet7 - maintainer of Wekan and Claude (fix) | Automated code scanning flagged the incomplete multi-character sanitization, which was then fixed. |

| Timeline | Details |
|---|---|
| 2026-06-16 | GitHub CodeQL code scanning first detected the incomplete multi-character sanitization (`js/incomplete-multi-character-sanitization`) in `client/lib/importDependencies.js` on branch `main`, raising alert #421 (severity High). |
| 2026-06-18 | Fixed by xet7 and Claude by looping the tag-stripping replacement to a fixed point and then removing any remaining stray `<`/`>` characters in `stripHtml()`, and released in Wekan v9.52 2026-06-18. |
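
The fix described in the timeline, sketched as an added example; this is not the code from `client/lib/importDependencies.js`. The `TAG` pattern, the function names and the sample strings are assumptions made for the demonstration, which compares a single-pass tag strip with the fixed-point loop followed by removal of leftover `<` and `>`.

```javascript
// Added illustration; not the code in client/lib/importDependencies.js.
// TAG is an assumed tag pattern chosen for this demonstration.
const TAG = /<\/?[a-zA-Z][^>]*>/g;

// Single pass: deleting one match can splice the text on either side of it
// into a new tag, which this pass never looks at again.
function stripHtmlSinglePass(input) {
  return String(input).replace(TAG, '');
}

// Repeat the replacement until the output stops changing (a fixed point),
// then delete any leftover '<' or '>' so no partial tag survives.
function stripHtmlFixedPoint(input) {
  let current = String(input);
  let previous;
  do {
    previous = current;
    current = current.replace(TAG, '');
  } while (current !== previous);
  return current.replace(/[<>]/g, '');
}

// Constructed sample inputs.
const SAMPLES = [
  '<b>bold</b> text',       // ordinary markup
  '<<i>b>nested</<i>b>',    // a tag split by another tag
  '<<<u>i>b>deep',          // needs more than two passes
  'x<<b>',                  // leaves a lone '<' after the loop
  'a < b and c > d',        // plain text that uses angle brackets
];

function compare(samples) {
  return samples.map((input) => ({
    input,
    singlePass: stripHtmlSinglePass(input),
    fixedPoint: stripHtmlFixedPoint(input),
  }));
}

for (const row of compare(SAMPLES)) {
  console.log(JSON.stringify(row));
}
```

The last sample shows the cost of the final step: angle brackets used as plain text are removed as well, so the output is safe to treat as tag-free but is not a faithful copy of the visible text.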