FKIE_CVE-2026-21881

Vulnerability from fkie_nvd - Published: 2026-01-08 02:15 - Updated: 2026-01-20 15:57
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a trusted reverse proxy. An attacker can impersonate any user, including administrators, by simply sending a spoofed HTTP header. This issue is fixed in version 1.2.49.
References
security-advisories@github.comhttps://github.com/kanboard/kanboard/commit/7af6143e2ad25b5c15549cca8af4341c7ac4e2fcPatch
security-advisories@github.comhttps://github.com/kanboard/kanboard/releases/tag/v1.2.49Release Notes
security-advisories@github.comhttps://github.com/kanboard/kanboard/security/advisories/GHSA-wwpf-3j4p-739wExploit, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0https://github.com/kanboard/kanboard/security/advisories/GHSA-wwpf-3j4p-739wExploit, Vendor Advisory
Impacted products
Vendor Product Version
kanboard kanboard *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA1D972-E76A-4A20-95F5-68D9915D3797",
              "versionEndExcluding": "1.2.49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a trusted reverse proxy. An attacker can impersonate any user, including administrators, by simply sending a spoofed HTTP header. This issue is fixed in version 1.2.49."
    },
    {
      "lang": "es",
      "value": "Kanboard es un software de gesti\u00f3n de proyectos centrado en la metodolog\u00eda Kanban. Las versiones 1.2.48 e inferiores son vulnerables a una omisi\u00f3n de autenticaci\u00f3n cr\u00edtica cuando REVERSE_PROXY_AUTH est\u00e1 habilitado. La aplicaci\u00f3n conf\u00eda ciegamente en los encabezados HTTP para la autenticaci\u00f3n de usuarios sin verificar que la solicitud se origin\u00f3 desde un proxy inverso de confianza. Un atacante puede suplantar a cualquier usuario, incluidos los administradores, simplemente enviando un encabezado HTTP falsificado. Este problema se solucion\u00f3 en la versi\u00f3n 1.2.49."
    }
  ],
  "id": "CVE-2026-21881",
  "lastModified": "2026-01-20T15:57:22.667",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-08T02:15:53.803",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/kanboard/kanboard/commit/7af6143e2ad25b5c15549cca8af4341c7ac4e2fc"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/kanboard/kanboard/releases/tag/v1.2.49"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-wwpf-3j4p-739w"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-wwpf-3j4p-739w"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.