Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-accessible endpoint requires a low-privilege authenticated account (PR:L); no confidentiality impact; session deletion yields minor integrity and availability degradation only.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session IDs and mass-invalidate persistent login sessions of any user, including administrators, forcing re-authentication and causing denial of service.
AnalysisAI
Authenticated session hijacking via IDOR in Kanboard through 1.2.52 allows any low-privilege user to mass-invalidate the persistent 'Remember Me' sessions of arbitrary users, including administrators, by enumerating sequential integer session IDs against the unguarded removeSession endpoint. The root-cause fix - scoping RememberMeSessionModel::remove() to the requesting user's own user_id - is confirmed in commit 928c68a via PR #5831. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid authenticated Kanboard account with at minimum low-privilege access - unauthenticated exploitation is not possible per the CVSS PR:L designation. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N - score 5.3 Medium) accurately reflects the threat model: network-accessible, low complexity, requiring only a valid low-privilege account. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated low-privilege Kanboard user inspects their browser's network traffic to identify their own Remember Me session ID after login, discovering it is a small sequential integer. The attacker then scripts a loop issuing DELETE-equivalent requests to the `removeSession` endpoint across a range of IDs (e.g., 1-10000), invalidating persistent sessions for all users including administrators. … |
| Remediation | Update Kanboard to a build that includes commit 928c68aa2b7c00092dd71084d329b912e229f3d1 (PR #5831, https://github.com/kanboard/kanboard/pull/5831); self-hosted instances should pull from the patched HEAD or await a tagged release from the vendor. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Kanboard project management (through 1.2.48) has an authentication bypass when REVERSE_PROXY_AUTH is enabled. The applic
Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 8.8), this vul
Remote code execution in Kanboard prior to 1.2.50 allows authenticated administrators to bypass plugin installation rest
Kanboard prior to version 1.2.46 contains a host header injection vulnerability that allows unauthenticated attackers to
Broken object-level authorization in Kanboard through 1.2.52 lets any authenticated user who belongs to at least one pro
Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 7.2), this vul
Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 7.2), this vul
Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentic
Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.5), this v
Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS
Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS
Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.3), this v
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39526
GHSA-vvjm-mjq4-27c8