CVE-2026-33058

EUVD-2026-12759
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51 fixes the issue.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 8.98%
Affected Products (NVD)
VendorProductVersion
kanboardkanboard
𝑥
< 1.2.51
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
kanboard
forky
1.2.51+ds-2
fixed
sid
1.2.51+ds-2
fixed
Common Weakness Enumeration
References
https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh