CVE-2026-21881

CRITICAL

Kanboard < 1.2.49 - Unauthenticated Authentication Bypass via Spoofed HTTP Header


Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-21881. PoCs published by HUSEYNKHANLI.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2026-21881, an authentication bypass vulnerability in Kanboard when REVERSE_PROXY_AUTH is enabled. The exploit demonstrates how an attacker can impersonate any user by spoofing HTTP headers, with both Python and Bash scripts provided.

Description

Kanboard is project management software focused on the Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying that the request originated from a trusted reverse proxy. An attacker can impersonate any user, including administrators, simply by sending a spoofed HTTP header. This issue is fixed in version 1.2.49.
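The defect described above is a missing origin check on the identity header. The following added illustration (not Kanboard's code; header name, proxy ranges and sample requests are assumptions) places the weak pattern next to a hardened variant that honours the header only when the request's peer address belongs to a configured reverse proxy.

```python
import ipaddress

# Assumption: the reverse proxy conveys the authenticated user in this header.
# The name is a placeholder in WSGI/CGI spelling, not necessarily Kanboard's.
USER_HEADER = "HTTP_REMOTE_USER"

# Assumption: address ranges from which the trusted reverse proxy connects.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.1/32")]


def user_from_header_unchecked(environ):
    """Weak pattern: the header is trusted no matter who sent the request."""
    return environ.get(USER_HEADER) or None


def user_from_header_checked(environ, trusted=TRUSTED_PROXIES):
    """Hardened pattern: honour the header only if the TCP peer is a trusted proxy.

    The proxy must also overwrite or strip any client-supplied copy of the
    header; this check guards the application side of that contract.
    """
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return None  # unparsable peer address: never trust the header
    if not any(peer in net for net in trusted):
        return None  # request did not come through the reverse proxy
    return environ.get(USER_HEADER) or None


# Constructed sample requests as WSGI-style environ dicts (not real traffic).
FROM_PROXY = {"REMOTE_ADDR": "10.0.0.5", "HTTP_REMOTE_USER": "alice"}
DIRECT = {"REMOTE_ADDR": "203.0.113.9", "HTTP_REMOTE_USER": "admin"}

if __name__ == "__main__":
    for name, env in (("via proxy", FROM_PROXY), ("direct", DIRECT)):
        print(name, "unchecked:", user_from_header_unchecked(env),
              "checked:", user_from_header_checked(env))
```

With the sample requests, the unchecked function accepts "admin" from the direct connection while the checked function rejects it and still accepts "alice" from the proxy.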

Exploits (1)

GitHub · Working PoC · 1 star
by HUSEYNKHANLI · Python PoC
https://github.com/HUSEYNKHANLI/CVEs/tree/main/CVE-2026-21881


Classification: Working PoC (100%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Kanboard ≤ 1.2.48
Authentication: none needed
Prerequisites: Kanboard instance with REVERSE_PROXY_AUTH enabled · Network access to the Kanboard server
Analyzed by devstral-2 on Feb 27, 2026

Scores

CVSS v3: 9.1
EPSS: 0.0029
EPSS Percentile: 52.5%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-287
Status: published
Products (1): kanboard/kanboard < 1.2.49
Published: Jan 08, 2026
Tracked Since: Feb 18, 2026