External risk intelligence

V2Board Xboard Authentication Token Exposure Via LoginWithMailLink

CVE advisorySeverity: CRITICAL (CVSS 9.1)

CVE-2026-39912

The vulnerability affects web-based authentication endpoints (loginWithMailLink) in V2Board and Xboard, which are typically designed as public-facing user/admin portals. These services are intended to be internet-accessible to facilitate user account management, making the vulnerable endpoints inherently public-facing by design in standard deployments.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in V2Board and Xboard software, which are used for managing VPN and proxy services. The issue allows unauthenticated attackers to gain complete account access, including administrative privileges, by exploiting a flaw in the "login with mail link" feature. This feature inadvertently exposes authentication tokens in the system's response to login requests, enabling attackers to impersonate legitimate users.

  • Unauthenticated attackers can take over accounts.
  • This affects user management and sensitive data.
  • Confirm if these systems are in use.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this vulnerability by sending a request to the `loginWithMailLink` endpoint. If the `login_with_mail_link_enable` feature is active, the system will respond with authentication tokens, even without any prior authentication. The attacker can then use these tokens at the `token2Login` endpoint to gain full account access, including administrative privileges.

  • No authentication is required.
  • Requesting the login with mail link endpoint.
  • Complete account takeover, including admin access.

Live Threat

Current exploitation, exposure, and threat context

When the `login_with_mail_link_enable` feature is active, an unauthenticated attacker can obtain a valid bearer token with complete account access, including administrative privileges, by interacting with the `loginWithMailLink` and `token2Login` endpoints.

  • User and admin account access.
  • Predictable emails, then token exchange.
  • Full account takeover, including admin.

Operational Fix

Recommended remediation, mitigation, and detection steps

The critical authentication token exposure vulnerability impacts V2Board and Xboard deployments, likely managed by application owners or dedicated platform teams responsible for these web services. The first practical step is to identify all instances of the affected technology, confirm their accessibility from the internet, and assess business criticality to prioritize remediation efforts.

  • Application owners should manage the issue.
  • Verify external reachability of the service.
  • Plan remediation based on assessed risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is V2Board and Xboard software?

V2Board and Xboard are specialized software platforms used to manage and provide VPN and proxy services. These systems typically function as web portals, allowing administrators to handle user accounts, traffic, and service subscriptions. Because they manage networking infrastructure and user access, they are often deployed as web-based administrative consoles.

How does CVE-2026-39912 work?

This vulnerability is an information exposure flaw, categorized as CWE-201. It occurs because the system mistakenly includes sensitive authentication tokens directly in the HTTP response body during a login attempt. By triggering this response, an unauthorized party can capture these tokens and use them to impersonate any user, including administrators, without ever needing a legitimate password.

Do I need to do anything if the login-with-mail-link feature is off?

If your instance has the login_with_mail_link_enable feature disabled, the specific code path that exposes these tokens is not active. The vulnerability only triggers when this optional feature is enabled. However, it is still important to verify your configuration settings directly, as the flaw relies entirely on this feature being turned on.

Is my instance at risk according to Halo Surface Signal?

Halo Surface Signal indicates that V2Board and Xboard instances are very likely to be at risk because they are designed as internet-facing portals. Since these services are built to be accessible to users and admins over the web, the vulnerable endpoints are generally reachable from the public internet by design, increasing the likelihood of exposure.

How do I start addressing this vulnerability?

Begin by auditing your environment to locate all running instances of V2Board or Xboard. Once identified, confirm whether the login_with_mail_link_enable setting is currently active in your configuration. If the feature is enabled, prioritize limiting access to the web interface or coordinating with your team to apply the necessary patches provided by the software maintainers to secure the authentication process.

References