PT-2026-7319 · Debian+3 · Kanboard+2
S2Ongmo · Published 2026-01-01 · Updated 2026-02-10
CVE-2026-25530
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Kanboard versions prior to 1.2.50
Description
Kanboard is project management software focused on Kanban methodology. The getSwimlane() API method lacks project-level authorization, which allows authenticated users to access swimlane data from projects they are not authorized to access.
Recommendations
Update to version 1.2.50.
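The missing check described above, modelled as an added PHP sketch (not Kanboard's code; the class, method and array names are hypothetical and the data is constructed). The first method returns any swimlane by id; the second resolves the owning project from the stored row and requires membership before returning it.

```php
<?php
// Illustrative model only: class, method and array names are hypothetical,
// not Kanboard's source. The data at the bottom is constructed.

final class SwimlaneApi
{
    /** @param array<int,array> $swimlanes swimlane id => row
     *  @param array<int,int[]> $members   project id => member user ids */
    public function __construct(
        private array $swimlanes,
        private array $members,
    ) {}

    // Before: any authenticated caller receives any swimlane by id.
    public function getSwimlaneUnchecked(int $userId, int $swimlaneId): ?array
    {
        return $this->swimlanes[$swimlaneId] ?? null;
    }

    // After: take the owning project from the stored row (never from
    // caller input) and require membership before returning anything.
    public function getSwimlane(int $userId, int $swimlaneId): ?array
    {
        $row = $this->swimlanes[$swimlaneId] ?? null;
        if ($row === null) {
            return null;
        }
        $allowed = $this->members[$row['project_id']] ?? [];
        if (!in_array($userId, $allowed, true)) {
            // Choice made in this sketch: answer exactly as for "not found".
            return null;
        }
        return $row;
    }
}

$api = new SwimlaneApi(
    [
        10 => ['id' => 10, 'project_id' => 1, 'name' => 'Default'],
        20 => ['id' => 20, 'project_id' => 2, 'name' => 'Private roadmap'],
    ],
    [1 => [100], 2 => [200]],
);

// User 100 belongs only to project 1; swimlane 20 belongs to project 2.
var_dump($api->getSwimlaneUnchecked(100, 20) !== null); // unchecked lookup
var_dump($api->getSwimlane(100, 20));                   // other project
var_dump($api->getSwimlane(100, 10)['name']);           // own project
```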
Exploit
Fix
IDOR
Affected Products
Kanboard
Kanboard-Cli
Python-Kanboard