CVE-2026-21879
Severity: MEDIUM
Kanboard < 1.2.49 - Open Redirect
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the filter_var($url, FILTER_VALIDATE_URL) validation check. This vulnerability could be exploited to conduct phishing attacks, steal user credentials, or distribute malware. The issue is fixed in version 1.2.49.
Exploits (1)
github
WORKING POC
1 stars
by HUSEYNKHANLI · pythonpoc
https://github.com/HUSEYNKHANLI/CVEs/tree/main/CVE-2026-21879
References (3)
Scores
CVSS v3: 4.7
EPSS: 0.0005
EPSS Percentile: 15.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Details
CWE: CWE-601
Status: published
Products (1): kanboard/kanboard < 1.2.49
Published: Jan 08, 2026
Tracked Since: Feb 18, 2026