4.3

CVE-2026-25531

Exploit

Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into projects they cannot access. This vulnerability is fixed in 1.2.50.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KanboardKanboard Version < 1.2.50
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.127
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/kanboard/kanboard/releases/tag/v1.2.50
Product
Release Notes
https://github.com/kanboard/kanboard/commit/df7b7a21ee071f36466d8b38e40d0b0b8b8d394d
Patch
https://github.com/kanboard/kanboard/security/advisories/GHSA-vrm3-3337-whp9
Vendor Advisory
Exploit
Mitigation