← volver
CVE-2026-33058

Kanboard has Authenticated SQL Injection in Project Permissions Handler

CVSS 8.4 HIGHEPSS 0.3%CWE-89
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.4EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 mar 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51 fixes the issue.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
Productos afectados
kanboard · kanboard

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh