CVE-2026-25531

Medium | 4.3
No Exploit

Plain English Summary

This vulnerability allows authenticated users to copy tasks into projects they shouldn't have access to, potentially exposing sensitive information. It occurs because the software doesn't properly check if the user has permission to modify the target projects before allowing the duplication.

Technical Description

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into projects they cannot access. This vulnerability is fixed in 1.2.50.

CVSS Vector Analysis

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None
Scope: Unchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Est. Bounty: $552 ($500-$1K)
Vendor Response: Grade A, patched in 0 days

Quick Information

Published: Feb 13, 2026 (7 days ago)
Last Modified: Feb 13, 2026 (7 days ago)
Vendor: kanboard
Product: kanboard