PT-2026-2116 · Kanboard · Kanboard

Huseynkhanli

·

Publicado

2026-01-08

·

Atualizado

2026-01-20

·

CVE-2026-21879

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Kanboard versions 1.2.48 and below
Description Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are susceptible to an Open Redirect issue, allowing attackers to redirect authenticated users to malicious websites. Attackers can bypass the filter var($url, FILTER VALIDATE URL) validation check by crafting URLs such as //evil.com. This could be used to conduct phishing attacks, steal user credentials, or distribute malware.
Recommendations Update Kanboard to version 1.2.49 or later.

Exploit

Correção

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

CVE-2026-21879
GHSA-MHV9-7M9W-7HCQ

Produtos afetados

Kanboard