EUVD-2026-12759
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4Description
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51 fixes the issue.
Analysis
An authenticated SQL injection vulnerability exists in Kanboard project management software prior to version 1.2.51. Authenticated attackers with permission to add users to a project can exploit this vulnerability to dump the entire Kanboard database, potentially exposing sensitive project data, user credentials, and application secrets. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Kanboard instances in your environment and document their versions; restrict project administrator roles to only essential personnel and audit current role assignments. Within 7 days: Implement network segmentation to limit Kanboard database access; deploy WAF rules to detect SQL injection patterns in user input fields; enable comprehensive logging and monitoring of database queries. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Ubuntu
Priority: MediumDebian
Bug #1131198| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| forky, sid | fixed | 1.2.51+ds-1 | - |
| (unstable) | fixed | 1.2.51+ds-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today