CVE-2026-29056

EUVD-2026-12740
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint (`UserInviteController::register()`) accepts all POST parameters and passes them to `UserModel::create()` without filtering out the `role` field. An attacker who receives an invite link can inject `role=app-admin` in the registration form to create an administrator account. Version 1.2.51 fixes the issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 46.4%
Affected Products (NVD)
VendorProductVersion
kanboardkanboard
𝑥
< 1.2.51
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
kanboard
forky
1.2.51+ds-2
fixed
sid
1.2.51+ds-2
fixed
Common Weakness Enumeration
References
https://github.com/kanboard/kanboard/security/advisories/GHSA-2jvj-q44v-6p3x
https://github.com/kanboard/kanboard/security/advisories/GHSA-2jvj-q44v-6p3x