4.3
Unauthorized task duplication in Kanboard project management software
CVE-2026-25531
Summary
Kanboard software versions prior to 1.2.50 allow authenticated users to copy tasks into projects they shouldn't have access to. This can lead to unauthorized access to sensitive project information. Update to version 1.2.50 or later to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| kanboard | kanboard | <= 1.2.50 | – |
Original title
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not v...
Original description
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into projects they cannot access. This vulnerability is fixed in 1.2.50.
nvd CVSS3.1
4.3
Vulnerability type
CWE-862
Missing Authorization
- https://github.com/kanboard/kanboard/commit/df7b7a21ee071f36466d8b38e40d0b0b8b8d... (Patch)
- https://github.com/kanboard/kanboard/releases/tag/v1.2.50 (Product, Release Notes)
- https://github.com/kanboard/kanboard/security/advisories/GHSA-vrm3-3337-whp9 (Exploit, Vendor Advisory, Mitigation)
Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026