DEBIAN-CVE-2026-21879

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-21879

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-21879.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-21879

Upstream

CVE-2026-21879

Published

2026-01-08T02:15:53.490Z

Modified

2026-01-21T11:18:10.337820Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the filtervar($url, FILTERVALIDATE_URL) validation check. This vulnerability could be exploited to conduct phishing attacks, steal user credentials, or distribute malware. The issue is fixed in version 1.2.49.

References

https://security-tracker.debian.org/tracker/CVE-2026-21879

Affected packages

Debian:14 / kanboard

Package

Name: kanboard
Purl: pkg:deb/debian/kanboard?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.49+ds-1

Affected versions

1.*

1.2.22+ds-1

1.2.23+ds-1

1.2.23+ds-1.1

1.2.25+ds-1

1.2.25+ds-2

1.2.25+ds-3

1.2.26+ds-1

1.2.26+ds-2

1.2.26+ds-3

1.2.26+ds-4

1.2.30+ds-1

1.2.31+ds-1

1.2.31+ds2-1

1.2.44+ds-1

1.2.47+ds-1

1.2.47+ds-2

1.2.48+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-21879.json"