Kanboard vulnerable to Open Redirect via protocol-relative URLs_CVE-2026-21879

4.7 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Description

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the filter_var($url, FILTER_VALIDATE_URL) validation check. This vulnerability could be exploited to conduct phishing attacks, steal user credentials, or distribute malware. The issue is fixed in version 1.2.49.

Basic Information

ID CVE-2026-21879

Source GitHub_M

Published Jan 8, 2026 at 00:51

Affected Product

Vendor kanboard

Product kanboard

Version < 1.2.49

Affected Versions kanboard kanboard < 1.2.49

CWE Classification

CWE-601

References

{
    "lastseen": "",
    "description": "Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the filter_var($url, FILTER_VALIDATE_URL) validation check. This vulnerability could be exploited to conduct phishing attacks, steal user credentials, or distribute malware. The issue is fixed in version 1.2.49.",
    "published": "2026-01-08T00:51:50.954Z",
    "modified": "2026-01-08T00:51:50.954Z",
    "type": "cve",
    "title": "Kanboard vulnerable to Open Redirect via protocol-relative URLs",
    "source": "GitHub_M",
    "references": "https://github.com/kanboard/kanboard/security/advisories/GHSA-mhv9-7m9w-7hcq\nhttps://github.com/kanboard/kanboard/commit/93bcae03301a6d34185a8dba977417e6b3de519f\nhttps://github.com/kanboard/kanboard/releases/tag/v1.2.49",
    "id": "CVE-2026-21879",
    "bulletinFamily": "",
    "cwe": [
        "CWE-601"
    ],
    "cvelist": null,
    "sourceData": "kanboard kanboard < 1.2.49",
    "sourceHref": "",
    "cvss": {
        "score": 4.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "kanboard",
    "version": "< 1.2.49",
    "vendor": "kanboard",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}