Nixpkgs security tracker

Untriaged

Permalink CVE-2026-25924

8.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Kanboard is Missing Access Control on Plugin Installation leading to Administrative RCE

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application correctly hides the plugin installation interface when the PLUGIN_INSTALLER configuration is set to false, the underlying backend endpoint fails to verify this security setting. An attacker can exploit this oversight to force the server to download and install a malicious plugin, leading to arbitrary code execution. This vulnerability is fixed in 1.2.50.

References

https://github.com/kanboard/kanboard/security/advisories/GHSA-grch-p7vf-vc4f x_refsource_CONFIRM
https://github.com/kanboard/kanboard/commit/b9ada89b1a64034612fc4262b88c42458c0d6ee4 x_refsource_MISC
https://github.com/kanboard/kanboard/releases/tag/v1.2.50 x_refsource_MISC

Affected products

kanboard

==< 1.2.50

Matching in nixpkgs

pkgs.kanboard

Kanban project management software

nixos-unstable 1.2.46
- nixpkgs-unstable 1.2.49
- nixos-unstable-small 1.2.49
nixos-25.11 1.2.48
- nixpkgs-25.11-darwin 1.2.48

Package maintainers

@yzx9 Zexin Yuan <yuan.zx@outlook.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.kanboard

Package maintainers