kanboard — Vulnerabilities & Security Advisories (25)

All 25 CVE vulnerabilities found in kanboard, with AI-generated Chinese analysis, references, and POCs.

Vendor: kanboard

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33058 | Kanboard has Authenticated SQL Injection in Project Permissions Handler | CWE-89 | 6.5 | - | 2026-03-18 |
| CVE-2026-29056 | Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin | CWE-915 | 8.8 | - | 2026-03-18 |
| CVE-2026-25531 | Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects | CWE-862 | 4.3 | Medium | 2026-02-13 |
| CVE-2026-25924 | Kanboard is Missing Access Control on Plugin Installation leading to Administrative RCE | CWE-863 | 8.5 | High | 2026-02-11 |
| CVE-2026-25530 | Kanboard is missing authorization check in getSwimlane API allows cross-project data access | CWE-639 | 4.3 | Medium | 2026-02-10 |
| CVE-2026-24885 | Kanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration in Project Role Assignment | CWE-352 | 5.7 | Medium | 2026-02-10 |
| CVE-2026-21881 | Kanboard is Vulnerable to Reverse Proxy Authentication Bypass | CWE-287 | 9.1 | Critical | 2026-01-08 |
| CVE-2026-21880 | Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure | CWE-90 | 5.3 | Medium | 2026-01-08 |
| CVE-2026-21879 | Kanboard vulnerable to Open Redirect via protocol-relative URLs | CWE-601 | 4.7 | Medium | 2026-01-08 |
| CVE-2025-55010 | Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events | CWE-502 | 9.1 | Critical | 2025-08-12 |
| CVE-2025-55011 | Kanboard Path Traversal in File Write via Task File Upload Api | CWE-22 | 6.4 | Medium | 2025-08-12 |
| CVE-2025-52576 | Kanboard vulnerable to Username Enumeration via Login Behavior and Bruteforce Protection Bypass | CWE-203 | 5.3 | Medium | 2025-06-25 |
| CVE-2025-52560 | Kanboard Password Reset Poisoning via Host Header Injection | CWE-640 | 8.1 | High | 2025-06-24 |
| CVE-2025-46825 | Kanboard has stored Cross-site Scripting vulnerability in project name | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-05-12 |
| CVE-2024-55603 | Insufficient session invalidation in Kanboard | CWE-613 | 6.5 | Medium | 2024-12-18 |
| CVE-2024-54001 | Kanboard allows a persistent HTML injection site scripting in settings page date format | CWE-80 | 5.5 | Medium | 2024-12-05 |
| CVE-2024-51747 | Arbitrary File Read and Delete in kanboard | CWE-22 | 9.1 | Critical | 2024-11-11 |
| CVE-2024-51748 | Remote code execution through language setting in kanboard | CWE-22 | 9.1 | Critical | 2024-11-11 |
| CVE-2024-36399 | Kanboard affected by Project Takeover via IDOR in ProjectPermissionController | CWE-284 | 8.2 | High | 2024-06-06 |
| CVE-2023-36813 | Kanboard Authenticated SQL Injections vulnerability | CWE-89 | 7.1 | High | 2023-07-05 |
| CVE-2023-33969 | Stored Cross site scripting in the Task External Link Functionality in Kanboard | CWE-79 | 6.4 | Medium | 2023-06-05 |
| CVE-2023-33970 | Missing access control in internal task links feature in Kanboard | CWE-862 | 5.4 | Medium | 2023-06-05 |
| CVE-2023-33968 | Missing Access Control allows User to move and duplicate tasks in Kanboard | CWE-862 | 5.4 | Medium | 2023-06-05 |
| CVE-2023-33956 | Parameter based Indirect Object Referencing leading to private file exposure in Kanboard | CWE-200 | 4.3 | Medium | 2023-06-05 |
| CVE-2023-32685 | Clipboard based cross-site scripting (blocked with default CSP) in Kanboard | CWE-79 | 4.4 | Medium | 2023-05-30 |

All 25 known CVE vulnerabilities affecting kanboard with full Chinese analysis, references, and POCs where available.