CVE-2026-21880

Sažetak

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to enumerate all LDAP users, discover sensitive user attributes, and perform targeted attacks against specific accounts. This issue is fixed in version 1.2.49.

Reference

https://github.com/kanboard/kanboard/commit/dd374079f7c2d1dab74c1680960e684ff8668586
https://github.com/kanboard/kanboard/releases/tag/v1.2.49
https://github.com/kanboard/kanboard/security/advisories/GHSA-v66r-m28r-wmq7
https://github.com/kanboard/kanboard/security/advisories/GHSA-v66r-m28r-wmq7

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

20-01-2026 - 18:38

Objavljeno

08-01-2026 - 02:15