kanboard

Top products

The 15 most recently published vulnerabilities affecting kanboard.

• CVE-2026-33058Kanboard has Authenticated SQL Injection in Project Permissions Handler6.5Mar 18, 2026
• CVE-2026-29056Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin8.8Mar 18, 2026
• CVE-2026-25531Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects4.3Feb 13, 2026
• CVE-2026-25924Kanboard is Missing Access Control on Plugin Installation leading to Administrative RCE8.4Feb 11, 2026
• CVE-2026-25530Kanboard is missing authorization check in getSwimlane API allows cross-project data access4.3Feb 10, 2026
• CVE-2026-24885Kanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration in Project Role Assignment5.7Feb 10, 2026
• CVE-2026-21881Kanboard is Vulnerable to Reverse Proxy Authentication Bypass9.1Jan 8, 2026
• CVE-2026-21880Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure5.3Jan 8, 2026
• CVE-2026-21879Kanboard vulnerable to Open Redirect via protocol-relative URLs4.7Jan 8, 2026
• CVE-2025-55010Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events9.1Aug 12, 2025
• CVE-2025-55011Kanboard Path Traversal in File Write via Task File Upload Api6.4Aug 12, 2025
• CVE-2025-52576Kanboard vulnerable to Username Enumeration via Login Behavior and Bruteforce Protection Bypass5.3Jun 25, 2025
• CVE-2025-52560Kanboard Password Reset Poisoning via Host Header Injection8.1Jun 24, 2025
• CVE-2025-46825Kanboard has stored Cross-site Scripting vulnerability in project name5.4May 12, 2025
• CVE-2024-55603Insufficient session invalidation in Kanboard6.5Dec 18, 2024