Nixpkgs Security Tracker

Untriaged

Permalink CVE-2026-33058

created 4 days, 10 hours ago

Kanboard has Authenticated SQL Injection in Project Permissions Handler

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51 fixes the issue.

References

https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh x_refsource_CONFIRM

Affected products

kanboard

==< 1.2.51

Matching in nixpkgs

pkgs.kanboard

Kanban project management software

nixos-unstable 1.2.51
- nixpkgs-unstable 1.2.51
- nixos-unstable-small 1.2.51
nixos-25.11 1.2.50
- nixos-25.11-small 1.2.50
- nixpkgs-25.11-darwin 1.2.50

Package maintainers

@yzx9 Zexin Yuan <yuan.zx@outlook.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.kanboard

Package maintainers