CVE-2026-33058
CVE-2026-33058
8.4
HighPublished:
Last updated:
Source:security-advisories@github.com
Analyzed
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- Low
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- Low
- Availability (Vulnerable)
- None
- Confidentiality (Subsequent)
- High
- Integrity (Subsequent)
- Low
- Availability (Subsequent)
- None
Description
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51 fixes the issue.
References
security-advisories@github.com
https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh