PT-2026-7715 · Kanboard · Kanboard

Drkim-Dev · Published 2026-02-11 · Updated 2026-02-14 · CVE-2026-25924

CVSS v3.1: 8.4 High (AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions

Kanboard versions prior to 1.2.50

Description

Kanboard is project management software based on the Kanban methodology. A security control bypass allows an authenticated administrator to achieve Remote Code Execution (RCE). The application does not properly verify a security setting, allowing an attacker to force the server to download and install a malicious plugin, leading to arbitrary code execution. The vulnerable endpoint bypasses the PLUGIN_INSTALLER configuration setting when it is set to false.

Recommendations

Update to version 1.2.50 or later.

Exploit

Fix

RCE

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-25924
GHSA-GRCH-P7VF-VC4F

Affected Products

Kanboard