9.1

CVE-2026-21881

Medienbericht
Exploit

Kanboard is Vulnerable to Reverse Proxy Authentication Bypass

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a trusted reverse proxy. An attacker can impersonate any user, including administrators, by simply sending a spoofed HTTP header. This issue is fixed in version 1.2.49.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KanboardKanboard Version < 1.2.49
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.344
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
08.01.2026 14:08
https://github.com/kanboard/kanboard/releases/tag/v1.2.49
Release Notes
https://github.com/kanboard/kanboard/security/advisories/GHSA-wwpf-3j4p-739w
Vendor Advisory
Exploit
https://github.com/kanboard/kanboard/commit/7af6143e2ad25b5c15549cca8af4341c7ac4e2fc
Patch