← Zuruck zu CVEs
CVE-2026-21879
MEDIUM4.7
Beschreibung
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the filter_var($url, FILTER_VALIDATE_URL) validation check. This vulnerability could be exploited to conduct phishing attacks, steal user credentials, or distribute malware. The issue is fixed in version 1.2.49.
CVE Details
CVSS v3.1 Bewertung4.7
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht1/8/2026
Zuletzt geandert1/20/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
kanboard:kanboard
Schwachen (CWE)
CWE-601
Referenzen
https://github.com/kanboard/kanboard/commit/93bcae03301a6d34185a8dba977417e6b3de519f(security-advisories@github.com)
https://github.com/kanboard/kanboard/releases/tag/v1.2.49(security-advisories@github.com)
https://github.com/kanboard/kanboard/security/advisories/GHSA-mhv9-7m9w-7hcq(security-advisories@github.com)
https://github.com/kanboard/kanboard/security/advisories/GHSA-mhv9-7m9w-7hcq(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.