Vulnerability Description
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the filter_var($url, FILTER_VALIDATE_URL) validation check. This vulnerability could be exploited to conduct phishing attacks, steal user credentials, or distribute malware. The issue is fixed in version 1.2.49.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kanboard | Kanboard | < 1.2.49 |
Related Weaknesses (CWE)
References
- https://github.com/kanboard/kanboard/commit/93bcae03301a6d34185a8dba977417e6b3dePatch
- https://github.com/kanboard/kanboard/releases/tag/v1.2.49Release Notes
- https://github.com/kanboard/kanboard/security/advisories/GHSA-mhv9-7m9w-7hcqExploitThird Party Advisory
- https://github.com/kanboard/kanboard/security/advisories/GHSA-mhv9-7m9w-7hcqExploitThird Party Advisory
FAQ
What is CVE-2026-21879?
CVE-2026-21879 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users ...
How severe is CVE-2026-21879?
CVE-2026-21879 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-21879?
Check the references section above for vendor advisories and patch information. Affected products include: Kanboard Kanboard.