9.1

CVE-2026-39912

v2board / Xboard Authentication Token Exposure via loginWithMailLink

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receive the full authentication URL in the response, then exchange the token at the token2Login endpoint to obtain a valid bearer token with complete account access including admin privileges.
Data provided by the CVE Program through a CVE Numbering Authority (CNA) (unstructured).
Vendor: v2board
Product: v2board
Default status: unknown
Version 1.6.1 up to and including 1.7.4: affected
Commit bdb10bed32c5f37df2f0872c3cb354e9b7a293bd up to and including 0ca47622a50116d0ddd7ffb316b157afb57d25e8: affected

Vendor: cedar2025
Product: Xboard
Default status: unaffected
Version 0 up to and including 0.1.9: affected
Commit 121511523f04882ec0c7447acd9b8ebcb8a47957: unaffected
VulnDex Vulnerability Enrichment
No advisory warning was found for this CVE.
EPSS metrics
Type    Source      Score   Percentile
EPSS    FIRST.org   0.58%   0.432
CVSS metrics
Source                     Base Score   Exploit Score   Impact Score   Vector String
disclosure@vulncheck.com   9.1          3.9             5.2            CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
disclosure@vulncheck.com   9.1          0               0              CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-201 Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

https://chocapikk.com/posts/2026/xboard-v2board-account-takeover/
https://github.com/cedar2025/Xboard/blob/1fe6531924cc1ec662a88b9ef725afcf78d660bc/app/Http/Controllers/V1/Passport/AuthController.php#L51
https://github.com/cedar2025/Xboard/blob/1fe6531924cc1ec662a88b9ef725afcf78d660bc/app/Services/Auth/MailLinkService.php#L49
https://github.com/cedar2025/Xboard/commit/121511523f04882ec0c7447acd9b8ebcb8a47957
https://github.com/cedar2025/Xboard/pull/873
https://github.com/v2board/v2board/blob/0ca47622a50116d0ddd7ffb316b157afb57d25e8/app/Http/Controllers/Passport/AuthController.php#L71
https://github.com/v2board/v2board/pull/981
https://www.vulncheck.com/advisories/v2board-xboard-authentication-token-exposure-via-loginwithmaillink