CVE-2026-58660 - Kanboard BoardAjaxController Missing Ownership Check via Drag-and-Drop
CVE ID :CVE-2026-58660 Published : July 15, 2026, 6:16 p.m. | 17 minutes ago Description :Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save() method (used by the kanban board drag-and-drop endpoint) validates the caller's role on the attacker-supplied project_id but...