Vulnerability Description
Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be recorded in web server access logs, browser history, HTTP Referer headers, and proxy/CDN logs. An attacker who gains access to any log source can extract the token and impersonate a proxy server node, potentially intercepting all user traffic.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| V2Board | V2Board | <= 1.7.4 |
Related Weaknesses (CWE)
References
- https://gist.github.com/sgInnora/1330e1a82caa79906eec55eeff2c99b9ExploitThird Party Advisory
- https://github.com/v2board/v2boardProduct
FAQ
What is CVE-2026-37504?
CVE-2026-37504 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmissio...
How severe is CVE-2026-37504?
CVE-2026-37504 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-37504?
Check the references section above for vendor advisories and patch information. Affected products include: V2Board V2Board.