Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 0.4%top 72%

GHSA-f95x-r3pv-jh63

0
High
Published: 07/15/2026 (07/15/2026, 18:31:58 UTC)
Source: GCVE Database

Description

Kanboard versions through 1.2.52 contain a vulnerability in the BoardAjaxController save() method where the task_id parameter is not verified to belong to the project identified by project_id. This allows any authenticated user who is a member of at least one project to enumerate and move tasks from other projects, including private ones they are not authorized to access. The issue arises because task identifiers are sequential and shared across the entire instance. The vulnerability was fixed in a commit identified as 564cc30.

CVSS v4.0

Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Vuln. Confidentiality
None
Vuln. Integrity
High
Vuln. Availability
High
Subsq. Confidentiality
None
Subsq. Integrity
None
Subsq. Availability
None
Scope
X
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected software

GitHub Actionsmore threats →ai
kanboard/kanboard
pkg:github/kanboard/kanboard
Affected versions
<=1.2.52

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/16/2026, 11:23:36 UTC

Technical Analysis

The vulnerability in Kanboard through version 1.2.52 involves improper authorization checks in the BoardAjaxController save() method used by the kanban board drag-and-drop endpoint. While the method validates the caller's role on the attacker-supplied project_id, it fails to verify that the supplied task_id actually belongs to that project. Since task IDs are sequential integers shared across the instance, an authenticated user with membership in any project can enumerate and manipulate tasks belonging to other projects, including private projects without membership or role. This can lead to unauthorized task movement, corruption, or hiding. The issue is tracked as CVE-2026-58660 and was fixed in commit 564cc30.

Potential Impact

An authenticated user with membership in any project can enumerate and move tasks from any other project on the same Kanboard instance, including private projects they do not belong to. This can result in unauthorized modification, corruption, or hiding of tasks, potentially disrupting project workflows and compromising data integrity.

Mitigation Recommendations

A fix for this vulnerability is available and was introduced in commit 564cc30. Users should upgrade Kanboard to a version that includes this fix. Since no official patch version is specified, check the Kanboard repository or vendor advisory for the exact fixed version and apply the update accordingly. Until patched, restrict access to trusted users only.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Osv Id
GHSA-f95x-r3pv-jh63
Osv Schema Version
1.4.0
Aliases
["CVE-2026-58660"]
Ecosystems
[]
Database Specific Severity
HIGH
Cvss Version
4.0

Threat ID: 6a58b44568715ace43d6ae94

Added to database: 07/16/2026, 10:36:53 UTC

Last enriched: 07/16/2026, 11:23:36 UTC

Last updated: 07/17/2026, 02:33:14 UTC

Views: 6

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses