PT-2025-26686 · Kanboard · Kanboard

Bryanqb07 · Published 2025-06-24 · Updated 2025-06-30 · CVE-2025-52560

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.46

Description: Kanboard is project management software built around the Kanban methodology. Prior to version 1.2.46, when the application URL configuration setting is unset, Kanboard builds the link in password reset emails from the unvalidated HTTP Host header of the request. An attacker can therefore trigger a reset email whose link points at an attacker-controlled domain, so the reset token is leaked to that domain. If the victim clicks the poisoned link, their account can be taken over. This affects every user who initiates a password reset while the application URL setting is not configured.

Recommendations: For versions prior to 1.2.46, update to version 1.2.46, which resolves the issue. As a temporary workaround, set the application URL configuration setting so that reset links are no longer derived from the unvalidated Host header, and restrict access to the password reset functionality until the update is applied.
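The pattern the description refers to, as an added illustration in Python rather than Kanboard's own PHP code: a reset-link builder that falls back to the Host header when no application URL is configured, beside a hardened builder that prefers the configured URL and otherwise accepts only hosts from an allowlist. The route `/reset-password?token=`, the host names and the token value are constructed placeholders, not values from the advisory.

```python
"""Added illustration (not Kanboard's code) of the flaw in CVE-2025-52560:
a password-reset link whose base URL comes from the client-supplied Host
header when no application URL is configured, next to a hardened builder.
The route '/reset-password?token=' is a hypothetical path."""
from dataclasses import dataclass
from typing import FrozenSet, Optional
from urllib.parse import urlsplit


@dataclass
class Request:
    """Minimal stand-in for an inbound HTTP request."""
    host_header: str          # HTTP Host header: chosen by the client, not the server
    scheme: str = "https"


class UntrustedHost(ValueError):
    """No trusted base URL could be established; refuse to emit a token."""


def build_reset_url_vulnerable(app_url: Optional[str], req: Request, token: str) -> str:
    """Pre-1.2.46 style behaviour: with the application URL unset, the base URL
    is taken verbatim from the Host header, so the token is addressed to
    whatever host the request named."""
    base = app_url.rstrip("/") if app_url else f"{req.scheme}://{req.host_header}"
    return f"{base}/reset-password?token={token}"


def build_reset_url_hardened(app_url: Optional[str], req: Request, token: str,
                             allowed_hosts: FrozenSet[str]) -> str:
    """Mitigated behaviour: always prefer the configured application URL; if it
    is unset, accept the Host header only when it names a known host."""
    if app_url:
        return f"{app_url.rstrip('/')}/reset-password?token={token}"
    parts = urlsplit(f"//{req.host_header}")          # parses 'host[:port]'
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        raise UntrustedHost(f"Host header {req.host_header!r} is not an allowed host")
    port = f":{parts.port}" if parts.port else ""
    return f"{req.scheme}://{host}{port}/reset-password?token={token}"


def link_host(url: str) -> str:
    """Hostname the token would be delivered to (useful when auditing mail logs)."""
    return urlsplit(url).hostname or ""


# Constructed sample values for the demonstration below.
ALLOWED_HOSTS = frozenset({"kanboard.example.com"})
SAMPLE_TOKEN = "TOKEN-PLACEHOLDER"


def demo() -> dict:
    """Run both builders on a request whose Host header names a foreign host."""
    foreign = Request(host_header="attacker.example")
    results = {
        "vulnerable_unset": link_host(build_reset_url_vulnerable(None, foreign, SAMPLE_TOKEN)),
        "vulnerable_configured": link_host(build_reset_url_vulnerable(
            "https://kanboard.example.com/", foreign, SAMPLE_TOKEN)),
        "hardened_configured": link_host(build_reset_url_hardened(
            "https://kanboard.example.com/", foreign, SAMPLE_TOKEN, ALLOWED_HOSTS)),
    }
    try:
        build_reset_url_hardened(None, foreign, SAMPLE_TOKEN, ALLOWED_HOSTS)
        results["hardened_unset"] = "link emitted"
    except UntrustedHost:
        results["hardened_unset"] = "refused"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:22s} -> {outcome}")
```

Running `demo()` shows the two outcomes the advisory contrasts: with the application URL unset, the vulnerable builder addresses the token to the foreign host, while the hardened builder refuses; with the application URL configured, both builders ignore the Host header. The `link_host` helper is the check a defender can apply to outbound reset mail: any link whose host is not the deployment's own host indicates the setting is missing.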

Related Identifiers: CVE-2025-52560, GHSA-2CH5-GQJM-8P92

Affected Products: Kanboard