CVE-2026-21880

Medium CVSS: 5.3

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to enumerate all LDAP users, discover sensitive user attributes, and perform targeted attacks against specific accounts. This issue is fixed in version 1.2.49.

Vendor

Kanboard

Product

Kanboard

CWE

CWE-90

Yayın Tarihi

2026-01-08 02:15:53

Güncelleme

2026-01-20 18:38:16

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-90 Kanboard MEDIUM Kanboard 2026

Referanslar

https://github.com/kanboard/kanboard/commit/dd374079f7c2d1dab74c1680960e684ff8668586 https://github.com/kanboard/kanboard/releases/tag/v1.2.49 https://github.com/kanboard/kanboard/security/advisories/GHSA-v66r-m28r-wmq7 https://github.com/kanboard/kanboard/security/advisories/GHSA-v66r-m28r-wmq7

Benzer Kayıtlar

High

CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQ…

High

CVE-2026-29056

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registrat…

Medium

CVE-2026-25531

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is in…

High

CVE-2026-25924

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulner…

Medium

CVE-2026-25530

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks…

Medium

CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CS…