Home > Vulnerability Database > CVE-2026-21879

Mend.io Vulnerability Database

CVE-2026-21879

Good to know:

Date: January 7, 2026

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the filter_var($url, FILTER_VALIDATE_URL) validation check. This vulnerability could be exploited to conduct phishing attacks, steal user credentials, or distribute malware. The issue is fixed in version 1.2.49.

Severity Score

4.7

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-21879

Url: https://github.com/kanboard/kanboard/releases/tag/v1.2.49

Url: https://github.com/kanboard/kanboard/security/advisories/GHSA-mhv9-7m9w-7hcq

Url: https://github.com/kanboard/kanboard/commit/93bcae03301a6d34185a8dba977417e6b3de519f

Url: https://www.mend.io/vulnerability-database/CVE-2026-21879

Severity Score

4.7

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version https://github.com/kanboard/kanboard.git - v1.2.49

Learn More

CVSS v3.1

Base Score:	4.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-21879

Good to know:

Date: January 7, 2026

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?