{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/v2board/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.1,"id":"CVE-2026-39912"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["V2Board","Xboard"],"_cs_severities":["critical"],"_cs_tags":["CVE-2026-39912","v2board","xboard","authentication-bypass","webserver"],"_cs_type":"advisory","_cs_vendors":["V2Board","Xboard"],"content_html":"\u003cp\u003eV2Board versions 1.6.1 through 1.7.4 and Xboard versions through 0.1.9 are vulnerable to an authentication bypass vulnerability, tracked as CVE-2026-39912. This vulnerability exists in the \u003ccode\u003eloginWithMailLink\u003c/code\u003e endpoint when the \u003ccode\u003elogin_with_mail_link_enable\u003c/code\u003e feature is active. An unauthenticated attacker can exploit this vulnerability by sending a POST request to the \u003ccode\u003eloginWithMailLink\u003c/code\u003e endpoint with a known email address. The server responds with a full authentication URL containing a token, which can then be exchanged at the \u003ccode\u003etoken2Login\u003c/code\u003e endpoint to obtain a valid bearer token, granting the attacker complete account access, potentially including administrative privileges. This allows for a complete account takeover without any prior authentication.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a target V2Board or Xboard instance running a vulnerable version (V2Board 1.6.1-1.7.4 or Xboard \u0026lt;= 0.1.9) with the \u003ccode\u003elogin_with_mail_link_enable\u003c/code\u003e feature enabled.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a valid email address associated with an account on the target V2Board/Xboard instance.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an unauthenticated POST request to the \u003ccode\u003e/loginWithMailLink\u003c/code\u003e endpoint, including the target email address in the request body.\u003c/li\u003e\n\u003cli\u003eThe server responds with an HTTP response body containing a URL that includes an authentication token (e.g., \u003ccode\u003ehttps://example.com/auth?token=YOUR_TOKEN\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker extracts the authentication token from the URL provided in the response.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a request (likely POST) to the \u003ccode\u003e/token2Login\u003c/code\u003e endpoint, providing the extracted authentication token in the request body.\u003c/li\u003e\n\u003cli\u003eThe server validates the token and responds with a valid bearer token.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the acquired bearer token to authenticate to the application and gain complete account access, potentially including administrative privileges, allowing them to modify settings, access sensitive data, and perform unauthorized actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-39912 allows an unauthenticated attacker to gain complete control of user accounts on affected V2Board and Xboard instances. This can lead to data breaches, service disruption, and unauthorized modifications to the platform. Given that V2Board and Xboard are often used for subscription management and content delivery, a successful attack could compromise sensitive user data, including payment information and personal details. The vulnerability has a CVSS v3.1 base score of 9.1, indicating its critical severity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisable the \u003ccode\u003elogin_with_mail_link_enable\u003c/code\u003e feature immediately as a temporary mitigation.\u003c/li\u003e\n\u003cli\u003eUpgrade V2Board to a version later than 1.7.4 or Xboard to a version later than 0.1.9 to patch CVE-2026-39912.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detect V2Board/Xboard loginWithMailLink Request\u0026quot; to monitor for suspicious requests to the \u003ccode\u003e/loginWithMailLink\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detect V2Board/Xboard token2Login Request\u0026quot; to monitor for suspicious requests to the \u003ccode\u003e/token2Login\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-v2board-xboard-auth-bypass/","summary":"V2Board and Xboard are vulnerable to authentication bypass due to exposing authentication tokens in HTTP response bodies, allowing unauthenticated attackers to gain complete account access.","title":"V2Board and Xboard Authentication Bypass via Exposed Tokens","url":"https://feed.craftedsignal.io/briefs/2024-01-v2board-xboard-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - V2Board","version":"https://jsonfeed.org/version/1.1"}