CVE-2026-25530

Medium CVSS: 4.3

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50.

Vendor

Kanboard

Product

Kanboard

CWE

CWE-639

Yayın Tarihi

2026-02-10 17:16:21

Güncelleme

2026-02-13 20:21:29

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-639 Kanboard MEDIUM Kanboard 2026

Referanslar

https://github.com/kanboard/kanboard/commit/c3d8d20e05322b09e036fed7afb57194d624a414 https://github.com/kanboard/kanboard/releases/tag/v1.2.50 https://github.com/kanboard/kanboard/security/advisories/GHSA-6rxw-vvvj-r93q

Benzer Kayıtlar

High

CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQ…

High

CVE-2026-29056

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registrat…

Medium

CVE-2026-25531

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is in…

High

CVE-2026-25924

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulner…

Medium

CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CS…

Medium

CVE-2026-21879

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Op…