Vendor
A high-severity vulnerability, CVE-2026-58660, in Kanboard versions up to 1.2.52 allows any authenticated user to enumerate, move, corrupt, or hide tasks belonging to any project on the same instance, including private projects, due to improper validation in the BoardAjaxController save() method.