CVE-2026-25530 – Kanboard is missing authorization check in getSwimlane API allows cross-project data access

CVE ID : CVE-2026-25530

Published : Feb. 10, 2026, 5:16 p.m. | 1 hour, 5 minutes ago

Description : Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…