CVE-2026-21880
Last modified
CVE-2026-21880 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to enumerate all LDAP users, discover sensitive user attributes, and perform targeted attacks against specific accounts. This issue is fixed in version 1.2.49.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kanboard | Kanboard | < 1.2.49 |
References
- https://github.com/kanboard/kanboard/security/advisories/GHSA-v66r-m28r-wmq7Exploit, Vendor Advisory
- https://github.com/kanboard/kanboard/security/advisories/GHSA-v66r-m28r-wmq7Exploit, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-21880?
How severe is CVE-2026-21880?
How do I fix CVE-2026-21880?
Are you affected by CVE-2026-21880?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST