CVE-2026-25924

HIGH

kanboard < 1.2.50 - Authenticated Remote Code Execution via Plugin Installer Bypass

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-25924. PoCs published by XiaomingX, drkim-dev.

AI-analyzed exploit summary The repository contains only a README.md file with minimal content (just the CVE ID) and no exploit code, technical details, or functional PoC. It appears to be a placeholder or incomplete entry.

Description

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application correctly hides the plugin installation interface when the PLUGIN_INSTALLER configuration is set to false, the underlying backend endpoint fails to verify this security setting. An attacker can exploit this oversight to force the server to download and install a malicious plugin, leading to arbitrary code execution. This vulnerability is fixed in 1.2.50.

Exploits (2)

github STUB 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-25924

View Code ZIP pw:eip

The repository contains only a README.md file with minimal content (just the CVE ID) and no exploit code, technical details, or functional PoC. It appears to be a placeholder or incomplete entry.

Classification

Stub 100%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec STUB 1 stars

by drkim-dev · poc

https://github.com/drkim-dev/CVE-2026-25924

View Code ZIP pw:eip

The repository contains only a README.md file with the CVE identifier and no exploit code or technical details. It appears to be a placeholder or stub.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Mitigation, Vendor Advisory x_refsource_confirm

https://github.com/kanboard/kanboard/security/advisories/GHSA-grch-p7vf-vc4f

Patch x_refsource_misc

https://github.com/kanboard/kanboard/commit/b9ada89b1a64034612fc4262b88c42458c0d6ee4

View Patch ZIP pw:eip

Product, Release Notes x_refsource_misc

https://github.com/kanboard/kanboard/releases/tag/v1.2.50

Scores

CVSS v3 8.4

EPSS 0.0049

EPSS Percentile 38.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-863

Status published

Products (1)

kanboard/kanboard < 1.2.50

Published Feb 11, 2026

Tracked Since Feb 18, 2026