Synced 18 Jun 2026 05:58 UTC Account
← All products

CVE-2026-21879

MEDIUM severity · CVSS 4.7 · CWE-601
4.7CVSS MEDIUM

Summary

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the filter_var($url, FILTER_VALIDATE_URL) validation check. This vulnerability could be exploited to conduct phishing attacks, steal user credentials, or distribute malware. The issue is fixed in version 1.2.49.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionRequired
Confidentiality impactLow
Integrity impactNone
Availability impactNone
Exploit probability (EPSS)0%

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Affected products we track (1)

Kanboard

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Official patch: https://github.com/kanboard/kanboard/commit/93bcae03301a6d34185a8dba977417e6b3de519f ↗

Additional information