Is Ubuntu affected by CVE-2026-29056?

Kanboard versions prior to 1.2.51 contain a critical privilege escalation vulnerability that allows any user receiving an invite link to self-elevate to administrator status, bypassing access controls entirely.

CVE-2026-29056

EUVD-2026-12740 HIGH

2026-03-18 GitHub_M

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 18, 2026 - 02:30 euvd

EUVD-2026-12740

Analysis Generated

Mar 18, 2026 - 02:30 vuln.today

CVE Published

Mar 18, 2026 - 01:56 nvd

HIGH 8.8

Description

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint (`UserInviteController::register()`) accepts all POST parameters and passes them to `UserModel::create()` without filtering out the `role` field. An attacker who receives an invite link can inject `role=app-admin` in the registration form to create an administrator account. Version 1.2.51 fixes the issue.

Analysis

Kanboard project management software contains a privilege escalation vulnerability in its user invite registration endpoint that allows invited users to inject the 'role=app-admin' parameter during account creation, granting themselves administrator privileges. This affects all Kanboard versions prior to 1.2.51. …

Remediation

Within 24 hours: Identify all Kanboard instances and confirm current versions; disable user invite functionality if possible or restrict invite distribution to trusted channels only. Within 7 days: Contact Kanboard support and evaluate upgrade timeline to version 1.2.51; implement network segmentation to limit Kanboard access to internal networks only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: 0

Vendor Status

Ubuntu

Priority: Medium

Debian

Bug #1131198

kanboard

Release	Status	Fixed Version	Urgency
forky, sid	fixed	1.2.51+ds-1	-
(unstable)	fixed	1.2.51+ds-1	-

CVE-2026-29056 vulnerability details – vuln.today

Back

CVE-2026-29056

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2026-29056

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code