LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-33058

CVE-2026-33058 - Vulnerability Analysis

MediumCVSS: 6.5

Last Updated: March 18, 2026

Kanboard - SQL Injection

Published: March 18, 2026Updated: March 18, 2026PoC AvailableRemote Exploitable

Overview

Kanboard < 1.2.51 contains an authenticated SQL injection caused by improper input sanitization in user addition functionality, letting attackers with project user addition permission dump the entire database, exploit requires authenticated user with add user permission.

Severity & Score

Severity: Medium
CVSS Score: 6.5
EPSS Score: 3.0%(Probability of exploitation in next 30 days)

Impact

Attackers can dump the entire Kanboard database, exposing all stored data.

Mitigation

Upgrade to version 1.2.51 or later.

References

Social Media Activity(2 posts)

Dave
Dave
@cydave
Mar 18, 2026

Published the writeup for the authenticated SQL injection vulnerability in Kanboard - CVE-2026-33058. https://0dave.ch/posts/cve-2026-33058/ https://www.cve.org/CVERecord?id=CVE-2026-33058 https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh #webappsec #cve #sqli

View original post
Dave
Dave
@cydave
Mar 18, 2026

Published the writeup for the authenticated SQL injection vulnerability in Kanboard - CVE-2026-33058. https://0dave.ch/posts/cve-2026-33058/ https://www.cve.org/CVERecord?id=CVE-2026-33058 https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh #webappsec #cve #sqli

View original post

Related Resources

Details

CVE ID
CVE-2026-33058
Severity
Medium
CVSS Score
6.5
Type
sql_injection
Status
confirmed
EPSS
3.0%
Social Posts
2

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

3.0%Probability of exploitation in the next 30 days