Kanboard Authenticated SQL Injection via ProjectPermissionController (CVE-2026-33058)
An authenticated SQL injection vulnerability in Kanboard allows attackers to extract sensitive data such as API tokens and password hashes through the external_id_column parameter in project permissions.