PT-2026-26024 · Kanboard · Kanboard

Cydave · Published 2026-03-18 · Updated 2026-03-19 · CVE-2026-33058

CVSS v4.0: 8.4 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions

Kanboard versions prior to 1.2.51

Description

Kanboard is project management software focused on the Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection issue in the functionality for adding users to a project. An attacker with permission to add users to a project can exploit it to dump the entire Kanboard database. Version 1.2.51 resolves this issue.

Recommendations

Update versions prior to 1.2.51 to version 1.2.51 or later.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-33058
GHSA-F62R-M4MR-2XHH

Affected Products

Kanboard