Skip to main content

Ubuntu EUVD-2026-12759

| CVE-2026-33058 MEDIUM
SQL Injection (CWE-89)
2026-03-18 GitHub_M
SQLi Ubuntu Debian Kanboard
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Ubuntu
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 03:30 euvd
EUVD-2026-12759
Analysis Generated
Mar 18, 2026 - 03:30 vuln.today
CVE Published
Mar 18, 2026 - 02:17 nvd
MEDIUM 6.5

DescriptionGitHub Advisory

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51 fixes the issue.

AnalysisAI

An authenticated SQL injection vulnerability exists in Kanboard project management software prior to version 1.2.51. Authenticated attackers with permission to add users to a project can exploit this vulnerability to dump the entire Kanboard database, potentially exposing sensitive project data, user credentials, and application secrets. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment The CVSS 4.0 score of 8.4 reflects significant risk with high confidentiality impact to both the vulnerable system (VC:H) and subsequent systems (SC:H), plus low integrity impact (VI:L, SI:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated attacker with permission to add users to a Kanboard project crafts a malicious username or related parameter containing SQL injection payloads when attempting to add a new project member. The insufficiently sanitized input is incorporated into a SQL query, allowing the attacker to append UNION SELECT statements or use other SQL injection techniques to extract the entire database contents, including user credentials, project data, API tokens, and configuration secrets. …
Remediation Upgrade Kanboard to version 1.2.51 or later, which contains a fix for this SQL injection vulnerability as documented in the GitHub Security Advisory at https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all Kanboard instances in your environment and document their versions; restrict project administrator roles to only essential personnel and audit current role assignments. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

Ubuntu

Priority: Medium

Debian

Bug #1131198
kanboard
Release Status Fixed Version Urgency
forky, sid fixed 1.2.51+ds-1 -
(unstable) fixed 1.2.51+ds-1 -

Share

EUVD-2026-12759 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy