Lucene search
K

6 matches found

NVD
NVD
added 2026/03/04 10:16 p.m.12 views

CVE-2026-27802

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4...

8.3CVSS0.00293EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/04 9:34 p.m.5 views

CVE-2026-27802

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4...

8.3CVSS5.8AI score0.00293EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/04 9:34 p.m.19 views

CVE-2026-27802 Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4...

8.3CVSS0.00293EPSS
Exploits0References1
CVE
CVE
added 2026/03/04 9:34 p.m.19 views

CVE-2026-27802

CVE-2026-27802 concerns Vaultwarden (unofficial Bitwarden-compatible server in Rust). A Privilege Escalation flaw allows a Manager (authorized user with access_all=false) to perform a bulk permission update that grants themselves access to collections they should not control. Multiple sources des...

8.3CVSS5.8AI score0.00293EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/04 9:34 p.m.6 views

CVE-2026-27802 Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4...

8.3CVSS5.7AI score0.00293EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.8 views

PT-2026-23071

Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.35.4 Description A Manager account with limited permissions was able to gain elevated privileges by using the bulk-access API to modify permissions on collections they were not originally authorized to access. T...

8.3CVSS6AI score0.00293EPSS
Exploits0References7
Rows per page
Query Builder