CVE-2026-29056 in Kanboard

Summary

by MITRE • 03/18/2026

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint (`UserInviteController::register()`) accepts all POST parameters and passes them to `UserModel::create()` without filtering out the `role` field. An attacker who receives an invite link can inject `role=app-admin` in the registration form to create an administrator account. Version 1.2.51 fixes the issue.


Analysis

by VulDB Data Team • 03/22/2026

The vulnerability identified as CVE-2026-29056 represents a critical authorization bypass flaw within Kanboard project management software that operates on the Kanban methodology framework. This issue affects versions prior to 1.2.51 and stems from inadequate input validation within the user invitation registration process. The vulnerability specifically resides in the UserInviteController::register() method which processes user registration requests through the invitation system without proper sanitization of incoming parameters. The flaw allows malicious actors to manipulate the registration workflow by injecting privileged role assignments directly into the POST request data.

The vulnerability stems from the lack of parameter filtering in the user registration endpoint, where all submitted POST parameters are indiscriminately passed to the UserModel::create() method. This design flaw creates an opportunity for privilege escalation, as an attacker can manipulate the registration form to include role=app-admin as part of the registration data. When the system processes this manipulated request, it accepts the role parameter without validation and creates a user account with administrative privileges, effectively bypassing the intended access control mechanisms. This is a classic case of improper input validation and privilege management, aligning with CWE-20: Improper Input Validation and CWE-269: Improper Privilege Management.
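The mass-assignment pattern described in the summary and in the paragraph above, reduced to a stand-alone PHP script as an added illustration (this is not Kanboard's code): the vulnerable handler forwards the whole request body to the model, while the hardened handler copies only an allowlist of form fields and takes the role from the server side. The function names, the `ROLE_USER` constant and the request body are assumptions constructed for this example.

```php
<?php
// Added illustrative example, not Kanboard's code: a minimal invite
// registration handler in its vulnerable and hardened forms.

const ROLE_USER = 'app-user';

// Stand-in for a model create() method: it stores whatever it is given,
// defaulting the role only when the caller did not supply one.
function createUser(array $values): array {
    return array_merge(['role' => ROLE_USER], $values);
}

// Vulnerable: every POST field, including a client-supplied 'role',
// reaches the model unchanged (mass assignment).
function registerVulnerable(array $post): array {
    return createUser($post);
}

// Hardened: only the fields the form is expected to submit are copied,
// and the role is set from the invite on the server side, never from
// the request body.
function registerHardened(array $post, string $inviteRole = ROLE_USER): array {
    $allowed = ['username', 'name', 'email', 'password'];
    $values = array_intersect_key($post, array_flip($allowed));
    $values['role'] = $inviteRole;
    return createUser($values);
}

// Constructed request body: an ordinary invitee form plus an extra
// 'role' field that the form never legitimately sends.
$post = [
    'username' => 'invitee',
    'name'     => 'Invited User',
    'email'    => 'invitee@example.com',
    'password' => 'correct horse battery staple',
    'role'     => 'app-admin',
];

printf("vulnerable -> role=%s\n", registerVulnerable($post)['role']);
printf("hardened   -> role=%s\n", registerHardened($post)['role']);
```

For detection, the same allowlist check can be logged: a registration request carrying a `role` key is itself a useful signal, since the legitimate form never sends one.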

The operational impact of this vulnerability is severe and far-reaching for organizations utilizing affected Kanboard versions. An attacker who gains access to a valid invitation link can immediately escalate their privileges to full administrative access without requiring any additional authentication credentials or prior access to the system. This creates a significant risk of unauthorized data manipulation, configuration changes, user account compromise, and potential system-wide breaches. The vulnerability essentially allows attackers to create backdoor administrative accounts, which can be used for persistent access and further exploitation. Organizations relying on Kanboard for project management and collaboration are particularly vulnerable as this flaw can be exploited by anyone with access to an invitation link, regardless of their initial access level or authorization status.

The remediation for this vulnerability requires immediate deployment of Kanboard version 1.2.51 or later, which implements proper parameter filtering to prevent the injection of privileged role assignments during user registration. Security professionals should also consider implementing additional monitoring and logging of user registration activities to detect potential exploitation attempts. Organizations should review their invitation management processes and ensure that only authorized personnel receive invitation links. The fix addresses the root cause by implementing proper input sanitization and role validation within the user creation workflow, preventing any external parameter manipulation from affecting the system's authorization model. This vulnerability demonstrates the critical importance of proper access control implementation and input validation in web applications, particularly in systems where user registration and privilege assignment are involved, and aligns with ATT&CK technique T1078.004: Valid Accounts and T1496: Resource Hijacking as potential exploitation pathways.

Responsible

GitHub M

Reservation

03/03/2026

Disclosure

03/18/2026

Moderation

accepted

CPE

ready

EPSS

0.00273

KEV

no

Activities

very low

Sources
