CVE-2026-39912

V2Board · V2Board and Xboard

V2Board and Xboard expose authentication tokens in HTTP response bodies during the loginWithMailLink process, allowing unauthenticated attackers to hijack accounts, including those with admin privileges.

Executive summary

An authentication token exposure vulnerability in V2Board and Xboard enables unauthenticated attackers to perform full account takeovers by intercepting sensitive credentials.

Vulnerability

The application improperly leaks authentication tokens in HTTP response bodies via the loginWithMailLink endpoint. An unauthenticated attacker can supply a known email address to trigger the workflow and obtain a valid bearer token, granting them full access to the target account.

Business impact

With a CVSS score of 9.1, this vulnerability poses a severe threat to user and administrative accounts. Exploitation leads to unauthorized access to sensitive user data, configuration changes, and potential full administrative control over the board instance, causing significant reputational and operational damage.

Remediation

Immediate Action: Update V2Board and Xboard to the latest patched versions provided by the respective maintainers.

Proactive Monitoring: Inspect application logs for anomalous POST requests to the loginWithMailLink endpoint and monitor for unexpected administrative account activity.

Compensating Controls: Disable the login_with_mail_link_enable feature immediately if patching cannot be performed, and implement WAF rules to block suspicious traffic patterns targeting authentication endpoints.
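The log inspection suggested above can be scripted. The following is an added example, not code from the advisory or the V2Board/Xboard projects: it parses constructed nginx combined-format access-log lines and flags source IPs that POST to the loginWithMailLink endpoint repeatedly inside a short window. The request path, the threshold and the window are assumptions to be tuned to your deployment; the page names only the endpoint.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access-log lines (nginx "combined" format); not real traffic.
# The /api/v1/passport/auth/... prefix is an assumed path, not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2026:12:00:01 +0000] "POST /api/v1/passport/auth/loginWithMailLink HTTP/1.1" 200 312 "-" "curl/8.5.0"
198.51.100.2 - - [10/Mar/2026:12:00:05 +0000] "GET /api/v1/user/info HTTP/1.1" 200 845 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2026:12:00:09 +0000] "POST /api/v1/passport/auth/loginWithMailLink HTTP/1.1" 200 310 "-" "curl/8.5.0"
203.0.113.7 - - [10/Mar/2026:12:00:14 +0000] "POST /api/v1/passport/auth/loginWithMailLink HTTP/1.1" 200 309 "-" "curl/8.5.0"
192.0.2.44 - - [10/Mar/2026:12:03:30 +0000] "POST /api/v1/passport/auth/loginWithMailLink HTTP/1.1" 200 311 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2026:12:30:00 +0000] "POST /api/v1/passport/auth/loginWithMailLink HTTP/1.1" 200 310 "-" "curl/8.5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], TS_FMT)
    return entry


def find_mail_link_bursts(lines, threshold=3, window_s=300):
    """Return {ip: peak_count} for IPs that POST to loginWithMailLink at least
    `threshold` times within any `window_s`-second window (both values assumed)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent matching requests
    flagged = {}
    for line in lines:
        e = parse_line(line)
        if not e or e["method"] != "POST" or "loginWithMailLink" not in e["path"]:
            continue
        q = recent[e["ip"]]
        q.append(e["ts"])
        while (q[-1] - q[0]).total_seconds() > window_s:  # drop requests outside the window
            q.popleft()
        if len(q) >= threshold:
            flagged[e["ip"]] = max(flagged.get(e["ip"], 0), len(q))
    return flagged


if __name__ == "__main__":
    for ip, count in find_mail_link_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} loginWithMailLink POSTs within 5 minutes")
```

Run it against a real log with `find_mail_link_bursts(open(path).read().splitlines())`; a single legitimate user requests one mail link and then follows it, so repeated POSTs from one source are worth correlating with subsequent authenticated activity on the accounts involved.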

Exploitation status

Public Exploit Available: Yes (PoC)

Analyst recommendation

This vulnerability is highly critical due to the ease of exploitation and the potential for full account takeover. Administrators should apply the vendor-provided patches immediately and review recent access logs for signs of unauthorized token exchange.