CVE-2026-33058
Last modified
CVE-2026-33058 is a high-severity vulnerability rated 8.4/10 on the CVSS scale. Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. EPSS estimates a 0.28% chance of exploitation in the next 30 days.
Description
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51 fixes the issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kanboard | Kanboard | < 1.2.51 |
References
- https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhhExploit, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-33058?
How severe is CVE-2026-33058?
How do I fix CVE-2026-33058?
Are you affected by CVE-2026-33058?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST