CVE-2026-39912

Published: Apr 9, 2026

Modified: May 25, 2026

PUBLISHED

CVSS v3.1

9.1

CRITICAL

Description

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receive the full authentication URL in the response, then exchange the token at the token2Login endpoint to obtain a valid bearer token with complete account access including admin privileges.

Vendor / Product / Versions

v2board / v2board
  affected: 1.6.1 up to and including 1.7.4
  affected: commits bdb10bed32c5f37df2f0872c3cb354e9b7a293bd up to and including 0ca47622a50116d0ddd7ffb316b157afb57d25e8

cedar2025 / Xboard
  affected: 0 up to and including 0.1.9
  unaffected: commit 121511523f04882ec0c7447acd9b8ebcb8a47957

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
