CVE-2026-21881

Name of the Vulnerable Software and Affected Versions Kanboard versions 1.2.48 and below

Description Kanboard is project management software based on the Kanban methodology. When the REVERSE PROXY AUTH setting is enabled, the application does not properly verify the source of HTTP headers used for user authentication, leading to a critical authentication bypass. An attacker can exploit this by sending spoofed HTTP headers to impersonate any user, including administrators. The application blindly trusts these headers without confirming they originate from a trusted reverse proxy.

Recommendations Kanboard versions 1.2.48 and below: Upgrade to version 1.2.49 or later.