Nixpkgs Security Tracker

Untriaged

Permalink CVE-2026-29056

created 3 days, 22 hours ago

Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint (`UserInviteController::register()`) accepts all POST parameters and passes them to `UserModel::create()` without filtering out the `role` field. An attacker who receives an invite link can inject `role=app-admin` in the registration form to create an administrator account. Version 1.2.51 fixes the issue.

References

https://github.com/kanboard/kanboard/security/advisories/GHSA-2jvj-q44v-6p3x x_refsource_CONFIRM
https://github.com/kanboard/kanboard/security/advisories/GHSA-2jvj-q44v-6p3x exploit

Affected products

kanboard

==< 1.2.51

Matching in nixpkgs

pkgs.kanboard

Kanban project management software

nixos-unstable 1.2.51
- nixpkgs-unstable 1.2.51
- nixos-unstable-small 1.2.51
nixos-25.11 1.2.50
- nixos-25.11-small 1.2.50
- nixpkgs-25.11-darwin 1.2.50

Package maintainers

@yzx9 Zexin Yuan <yuan.zx@outlook.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.kanboard

Package maintainers