Vulnerability Description
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to enumerate all LDAP users, discover sensitive user attributes, and perform targeted attacks against specific accounts. This issue is fixed in version 1.2.49.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kanboard | Kanboard | < 1.2.49 |
Related Weaknesses (CWE)
References
- https://github.com/kanboard/kanboard/commit/dd374079f7c2d1dab74c1680960e684ff866Patch
- https://github.com/kanboard/kanboard/releases/tag/v1.2.49Release Notes
- https://github.com/kanboard/kanboard/security/advisories/GHSA-v66r-m28r-wmq7ExploitVendor Advisory
- https://github.com/kanboard/kanboard/security/advisories/GHSA-v66r-m28r-wmq7ExploitVendor Advisory
FAQ
What is CVE-2026-21880?
CVE-2026-21880 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is direc...
How severe is CVE-2026-21880?
CVE-2026-21880 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-21880?
Check the references section above for vendor advisories and patch information. Affected products include: Kanboard Kanboard.