CVE-2026-39912
V2Board · V2Board and Xboard
V2Board and Xboard expose authentication tokens in HTTP response bodies during the loginWithMailLink process, allowing unauthenticated attackers to hijack accounts, including those with admin privileges.
Executive summary
An authentication token exposure vulnerability in V2Board and Xboard allows unauthenticated attackers to take over arbitrary accounts: the attacker requests a mail-link login for a victim's email address and reads the issued token directly from the HTTP response, so no access to the victim's mailbox is needed.
Vulnerability
The loginWithMailLink endpoint returns the authentication token in its HTTP response body instead of delivering it only through the emailed link. An unauthenticated attacker who knows a target's email address can POST it to the endpoint, read the bearer token from the response, and use that token for full access to the target account. Because the only prerequisite is a valid email address, administrator accounts are as exposed as ordinary users.
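The flaw class described above, beside the hardened design, as an added example: this is plain Python with an in-memory store and a fake outbox, not V2Board or Xboard code, and the function names, response shape, link URL and user list are all assumptions. The point it makes is that the only thing the HTTP response may contain is a generic acknowledgement; the login token must travel exclusively in the email, and the link token must be one-time and short-lived.

```python
"""Mail-link login: the exposed variant next to a hardened one.
Added illustration; not project code. Names and response shapes are assumed."""

import secrets
import time

USERS = {"alice@example.com", "admin@example.com"}  # constructed user list
SESSIONS = {}   # bearer token -> email
PENDING = {}    # one-time link token -> (email, expiry)
OUTBOX = []     # (email, url) pairs a real mailer would deliver
LINK_TTL = 300  # seconds a mailed link stays valid


def vulnerable_login_with_mail_link(email):
    """Flaw class from the advisory: the bearer token is placed in the HTTP
    response, so whoever submits the address gets the victim's session."""
    if email not in USERS:
        return {"status": "fail"}, 400
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = email
    OUTBOX.append((email, f"https://board.example/#/login?token={token}"))
    return {"status": "success", "data": {"token": token}}, 200  # the bug


def hardened_login_with_mail_link(email):
    """Hardened form: only a one-time link token is generated, it is sent by
    email only, and the response is identical whether or not the address
    exists (no account enumeration, nothing usable for an attacker)."""
    if email in USERS:
        link_token = secrets.token_urlsafe(32)
        PENDING[link_token] = (email, time.time() + LINK_TTL)
        OUTBOX.append((email, f"https://board.example/#/login?verify={link_token}"))
    return {"status": "success", "data": True}, 200


def redeem_mail_link(link_token):
    """Second step, reachable only by whoever read the email: exchange the
    link token for a session. pop() makes the link single-use."""
    entry = PENDING.pop(link_token, None)
    if entry is None:
        return {"status": "fail"}, 400
    email, expiry = entry
    if time.time() > expiry:
        return {"status": "fail"}, 400
    session = secrets.token_urlsafe(32)
    SESSIONS[session] = email
    return {"status": "success", "data": {"token": session}}, 200


def link_token_from_outbox(email):
    """Simulate the legitimate user reading the most recent mail."""
    for to, url in reversed(OUTBOX):
        if to == email and "verify=" in url:
            return url.split("verify=", 1)[1]
    return None


if __name__ == "__main__":
    body, _ = vulnerable_login_with_mail_link("admin@example.com")
    print("vulnerable response leaks:", body["data"]["token"][:8] + "...")
    body, _ = hardened_login_with_mail_link("admin@example.com")
    print("hardened response:", body)
    print("redeem via mail:", redeem_mail_link(link_token_from_outbox("admin@example.com"))[1])
```

The hardened handler deliberately returns the same body for unknown and known addresses; combined with rate limiting on the endpoint, that removes both the token leak and the account-enumeration side channel.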
Business impact
With a CVSS score of 9.1, this vulnerability poses a severe threat to user and administrative accounts. Exploitation gives unauthorized access to user data and settings, and, where an administrator's email address is known or guessable, full administrative control over the board instance, with the reputational and operational damage that follows.
Remediation
Immediate Action: Update V2Board and Xboard to the latest patched versions provided by the respective maintainers.
Proactive Monitoring: Inspect web-server and application logs for POST requests to the loginWithMailLink endpoint, in particular bursts of requests from a single client or requests for many different addresses, and watch for administrative activity from sessions that were not issued through a normal login.
Compensating Controls: If patching cannot be performed immediately, disable the login_with_mail_link_enable feature and confirm that the endpoint no longer issues tokens; in addition, rate-limit or block the loginWithMailLink endpoint at the WAF or reverse proxy until the patched version is deployed.
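The log review suggested under Proactive Monitoring, run over a handful of constructed access-log lines, as an added example that is not part of the advisory or of either project: it parses combined-format lines, keeps only POSTs whose path contains the loginWithMailLink segment, and flags clients that issued several such requests inside a sliding window. The request path used in the sample lines is an assumption; match on the endpoint name rather than on a full path, because the prefix can differ between deployments.

```python
"""Flag bursts of POSTs to the loginWithMailLink endpoint in access logs.
Added example; not project code. Sample log lines are constructed."""

import re
from collections import defaultdict
from datetime import datetime, timedelta

# nginx/Apache "combined" format: ip ident user [ts] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

ENDPOINT_MARKER = "loginWithMailLink"


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def mail_link_posts(lines):
    """Keep only POSTs whose path contains the loginWithMailLink segment."""
    events = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and ENDPOINT_MARKER in rec["path"]:
            events.append(rec)
    return events


def flag_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: count} for clients with >= threshold endpoint POSTs inside
    any window of the given length. A real user triggers the link once;
    a client walking a list of target addresses produces a burst."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e["ts"])
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start, best = 0, 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


# Constructed sample: 203.0.113.7 hammers the endpoint, 198.51.100.20 uses it once.
# The /api/v1/passport/auth/ prefix is assumed, not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2026:12:00:01 +0000] "POST /api/v1/passport/auth/loginWithMailLink HTTP/1.1" 200 312 "-" "curl/8.5.0"
198.51.100.20 - - [10/Mar/2026:12:00:05 +0000] "GET /api/v1/guest/comm/config HTTP/1.1" 200 845 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2026:12:00:09 +0000] "POST /api/v1/passport/auth/loginWithMailLink HTTP/1.1" 200 310 "-" "curl/8.5.0"
198.51.100.20 - - [10/Mar/2026:12:00:40 +0000] "POST /api/v1/passport/auth/loginWithMailLink HTTP/1.1" 200 311 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2026:12:01:15 +0000] "POST /api/v1/passport/auth/loginWithMailLink HTTP/1.1" 200 309 "-" "curl/8.5.0"
203.0.113.7 - - [10/Mar/2026:12:01:52 +0000] "POST /api/v1/passport/auth/loginWithMailLink HTTP/1.1" 200 313 "-" "curl/8.5.0"
""".splitlines()


def analyze(lines=SAMPLE_LOG, threshold=3, window=timedelta(minutes=5)):
    return flag_bursts(mail_link_posts(lines), threshold, window)


if __name__ == "__main__":
    for ip, n in analyze().items():
        print(f"{ip}: {n} loginWithMailLink POSTs within 5 minutes")
```

Access logs do not carry the POST body, so the email address being targeted is not visible here; if the application logs the submitted address, extend the grouping to count distinct addresses per client, which separates a user retrying their own login from an attacker enumerating accounts.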
Exploitation status
Public Exploit Available: Yes (PoC)
Analyst recommendation
This vulnerability is highly critical because exploitation requires nothing more than a single unauthenticated request carrying a known email address, and the result is full account takeover. Administrators should apply the vendor-provided patches immediately and review recent access logs for unexpected loginWithMailLink requests and for tokens issued through that path.