VYPR

kanboard

by Debian

CVEs (1)

  • CVE-2026-58660Jul 16, 2026
    risk 0.00cvss epss

    Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save() method (used by the kanban board drag-and-drop endpoint) validates the caller's role on the attacker-supplied project_id but never verifies that the supplied task_id actually belongs to that project.…