Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

cedar2025

Source -

CNA

BOS Name -

N/A

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
1Vulnerabilities found
CVE-2026-39912
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.1||CRITICAL
EPSS-0.07% / 21.35%
||
7 Day CHG-0.00%
Published-09 Apr, 2026 | 18:35
Updated-13 Apr, 2026 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
v2board / Xboard Authentication Token Exposure via loginWithMailLink

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receive the full authentication URL in the response, then exchange the token at the token2Login endpoint to obtain a valid bearer token with complete account access including admin privileges.

Action-Not Available
Vendor-cedar2025v2board
Product-Xboardv2board
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data