CVE-2026-25531

Medium CVSS: 4.3

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into projects they cannot access. This vulnerability is fixed in 1.2.50.

Vendor

Kanboard

Product

Kanboard

CWE

CWE-862

Yayın Tarihi

2026-02-13 15:15:57

Güncelleme

2026-02-13 20:43:30

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-862 Kanboard MEDIUM Kanboard 2026

Referanslar

https://github.com/kanboard/kanboard/commit/df7b7a21ee071f36466d8b38e40d0b0b8b8d394d https://github.com/kanboard/kanboard/releases/tag/v1.2.50 https://github.com/kanboard/kanboard/security/advisories/GHSA-vrm3-3337-whp9

Benzer Kayıtlar

High

CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQ…

High

CVE-2026-29056

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registrat…

High

CVE-2026-25924

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulner…

Medium

CVE-2026-25530

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks…

Medium

CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CS…

Medium

CVE-2026-21879

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Op…