CVE-2026-39912P2CRITICALCVSS 9.1≤ 0.1.92026-04-09
CVE-2026-39912 [CRITICAL] CWE-201 CVE-2026-39912: V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response b
V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receive the full authentication URL in the response, t
nvd