HIGHCVE-2026-33058Published 2026-03-18Modified 2026-03-18CNA GitHub_M

CVE-2026-33058: Kanboard has Authenticated SQL Injection in Project Permissions Handler

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51 fixes the issue.

CVSS v4.0: 8.4
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

kanboard / kanboard
< 1.2.51

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

References

https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh

Metrics