Vulnerability in Kanboard

CVE-2026-29056

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint (`UserInviteController::register()`) accepts all POST parameters and passes them to `UserModel::create()`…

Vulnerability class: Mass Assignment

EPSS: 0.003 (50.9th percentile) — read the EPSS interpretation.

Affected products

Kanboard — versions < 1.2.51

Weakness classification (CWE)

CWE-915 — Improperly Controlled Modification of Dynamically-Determined Object Attributes

References

https://github.com/kanboard/kanboard/security/advisories/GHSA-2jvj-q44v-6p3x (x_refsource_CONFIRM)