Skip to main content

Ubuntu CVE-2026-29056

| EUVDEUVD-2026-12740 HIGH
Improperly Controlled Modification of Dynamically-Determined Object Attributes (CWE-915)
2026-03-18 GitHub_M
8.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 02:30 euvd
EUVD-2026-12740
Analysis Generated
Mar 18, 2026 - 02:30 vuln.today
CVE Published
Mar 18, 2026 - 01:56 nvd
HIGH 8.8

DescriptionGitHub Advisory

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint (UserInviteController::register()) accepts all POST parameters and passes them to UserModel::create() without filtering out the role field. An attacker who receives an invite link can inject role=app-admin in the registration form to create an administrator account. Version 1.2.51 fixes the issue.

AnalysisAI

Kanboard project management software contains a privilege escalation vulnerability in its user invite registration endpoint that allows invited users to inject the 'role=app-admin' parameter during account creation, granting themselves administrator privileges. This affects all Kanboard versions prior to 1.2.51. The vulnerability has documented proof-of-concept exploitation capability (CVSS E:P indicates PoC exists) and carries a CVSS 4.0 score of 7.0 with high integrity impact to both the vulnerable system and subsequent components.

Technical ContextAI

This vulnerability affects Kanboard (cpe:2.3:a:kanboard:kanboard), an open-source project management application based on the Kanban methodology. The root cause is CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes), commonly known as mass assignment vulnerability. The UserInviteController::register() endpoint accepts all POST parameters from user registration forms and passes them directly to UserModel::create() without implementing a parameter whitelist or filtering sensitive fields like 'role'. This allows attackers to modify object attributes that should be controlled exclusively by the application, specifically the user role assignment mechanism.

RemediationAI

Upgrade Kanboard to version 1.2.51 or later, which implements proper input filtering on the UserInviteController::register() endpoint to prevent role parameter injection. The fix is available through the official GitHub repository and detailed in the security advisory at https://github.com/kanboard/kanboard/security/advisories/GHSA-2jvj-q44v-6p3x. Organizations unable to immediately upgrade should implement compensating controls including monitoring user registration activity for anomalous role assignments, restricting invite link distribution to trusted recipients only, implementing additional authentication layers for administrative operations, and reviewing existing user accounts created through invite links for unauthorized privilege escalation. Consider temporarily disabling the user invite feature if mass assignment exploitation is detected until patching can be completed.

CVE-2026-21881 CRITICAL POC
9.1 Jan 08

Kanboard project management (through 1.2.48) has an authentication bypass when REVERSE_PROXY_AUTH is enabled. The applic

CVE-2023-36813 HIGH POC
8.8 Jul 05

Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 8.8), this vul

CVE-2026-25924 HIGH POC
8.4 Feb 11

Remote code execution in Kanboard prior to 1.2.50 allows authenticated administrators to bypass plugin installation rest

CVE-2025-52560 HIGH POC
8.1 Jun 24

Kanboard prior to version 1.2.46 contains a host header injection vulnerability that allows unauthenticated attackers to

CVE-2026-58660 HIGH POC
7.2 Jul 15

Broken object-level authorization in Kanboard through 1.2.52 lets any authenticated user who belongs to at least one pro

CVE-2024-51748 HIGH POC
7.2 Nov 11

Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 7.2), this vul

CVE-2024-51747 HIGH POC
7.2 Nov 11

Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 7.2), this vul

CVE-2014-3920 MEDIUM POC
6.8 Jul 03

Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentic

CVE-2024-55603 MEDIUM POC
6.5 Dec 19

Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.5), this v

CVE-2023-33970 MEDIUM POC
6.5 Jun 05

Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS

CVE-2023-33956 MEDIUM POC
6.5 Jun 05

Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS

CVE-2024-36399 MEDIUM POC
6.3 Jun 06

Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.3), this v

Vendor StatusVendor

Ubuntu

Priority: Medium

Debian

Bug #1131198
kanboard
Release Status Fixed Version Urgency
forky, sid fixed 1.2.51+ds-1 -
(unstable) fixed 1.2.51+ds-1 -

Share

CVE-2026-29056 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy