CVE-2026-21880

Name of the Vulnerable Software and Affected Versions Kanboard versions 1.2.48 and below

Description Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below contain an LDAP Injection issue within the LDAP authentication mechanism. User-supplied input is directly incorporated into LDAP search filters without sufficient sanitization. This allows attackers to enumerate all LDAP users, obtain sensitive user attributes, and conduct targeted attacks against specific accounts. The issue is addressed in version 1.2.49.

Recommendations Update Kanboard to version 1.2.49 or later.