CVE-2026-25531 — MEDIUM (4.3)

Q: How severe is CVE-2026-25531?

CVE-2026-25531 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-25531?

Check the references section above for vendor advisories and patch information. Affected products include: Kanboard Kanboard.

Vulnerability Description

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into projects they cannot access. This vulnerability is fixed in 1.2.50.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Kanboard	Kanboard	< 1.2.50

Related Weaknesses (CWE)

CWE-862

References

https://github.com/kanboard/kanboard/commit/df7b7a21ee071f36466d8b38e40d0b0b8b8dPatch
https://github.com/kanboard/kanboard/releases/tag/v1.2.50ProductRelease Notes
https://github.com/kanboard/kanboard/security/advisories/GHSA-vrm3-3337-whp9ExploitVendor AdvisoryMitigation

FAQ

What is CVE-2026-25531?

CVE-2026-25531 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not vali...

How severe is CVE-2026-25531?

CVE-2026-25531 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-25531?

Check the references section above for vendor advisories and patch information. Affected products include: Kanboard Kanboard.