CVE-2026-21879
Open Redirect Vulnerability in Kanboard Allows Phishing Attacks
Publication date: 2026-01-08
Last updated on: 2026-01-08
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kanboard | kanboard | to 1.2.49 (inc) |
| kanboard | kanboard | to 1.2.49 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to redirect authenticated users to malicious external sites. This can be exploited to conduct phishing attacks to steal user credentials, distribute malware, or abuse the trust users have in the legitimate Kanboard domain. It may also lead to session hijacking when combined with other vulnerabilities. [2]
Can you explain this vulnerability to me?
CVE-2026-21879 is an Open Redirect vulnerability in Kanboard versions 1.2.48 and below. It occurs because the application improperly validates redirect URLs after user authentication, allowing attackers to craft URLs using protocol-relative URLs (e.g., //evil.com) that bypass the URL validation check. This causes authenticated users to be redirected to attacker-controlled websites, potentially leading to phishing attacks, credential theft, or malware distribution. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing if the Kanboard instance improperly redirects authenticated users to protocol-relative URLs (e.g., URLs starting with "//") after login. You can use curl commands to simulate the attack flow by crafting URLs such as http://your-kanboard-instance//evil.com/phishing, then logging in and observing if the redirect occurs to an external attacker-controlled domain. Example command: curl -c cookies.txt -L "http://your-kanboard-instance//evil.com/phishing" to capture the session and follow redirects. After login, check if the redirect leads to the external URL. This confirms the presence of the open redirect vulnerability. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Kanboard to version 1.2.49 or later, where the vulnerability is fixed. The fix includes strict validation of redirect URLs to allow only safe relative paths starting with a single slash and rejecting protocol-relative URLs and absolute URLs. Additionally, the update introduces a configuration option TRUSTED_PROXY_NETWORKS to enhance security in proxy environments and an optional feature to block private network access when fetching external links. If upgrading immediately is not possible, you should implement strict validation on redirect URLs to reject protocol-relative URLs and remove redirect session variables after use to prevent reuse. [1, 2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers to redirect authenticated users to malicious websites, enabling phishing attacks, credential theft, and malware distribution. Such security incidents could lead to unauthorized access to personal or sensitive data, potentially resulting in violations of data protection regulations like GDPR or HIPAA. By facilitating credential theft and phishing, the vulnerability increases the risk of data breaches and unauthorized data exposure, which are critical compliance concerns under these standards. Therefore, the presence of this vulnerability could negatively impact compliance with common security and privacy regulations by exposing user data to attackers. [2]