5 matches found

RedhatCVE
added 2026/05/13 5:31 p.m., 3 views

CVE-2026-31835

A flaw was found in Vaultwarden. The WebAuthn authentication process in versions 1.35.4 and earlier incorrectly updates user credential information before fully verifying the authentication signature. This allows an attacker who possesses a user's password, but cannot complete the WebAuthn...

CVSS 5.4 | AI score 5.8 | EPSS 0.00036
Exploits: 1 | References: 2
NVD
added 2026/05/05 7:16 p.m., 0 views

CVE-2026-31835

Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in validate_webauthn_login updates persistent credential metadata (backup_eligible and backup_state flags) based on unverified authenticatorData before signature validation...

CVSS 5.4 | EPSS 0.00036
Exploits: 1 | References: 2
EUVD
added 2026/05/05 6:51 p.m., 2 views

EUVD-2026-27424

Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in validate_webauthn_login updates persistent credential metadata (backup_eligible and backup_state flags) based on unverified authenticatorData before signature validation...

CVSS 5.3 | AI score 5.8 | EPSS 0.00036
Exploits: 1 | References: 2
ATTACKERKB
added 2026/05/05 6:51 p.m., 0 views

CVE-2026-31835

Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in validate_webauthn_login updates persistent credential metadata (backup_eligible and backup_state flags) based on unverified authenticatorData before signature validation...

CVSS 5.3 | AI score 5.8 | EPSS 0.00036
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/05/05 6:51 p.m., 3 views

CVE-2026-31835

Vaultwarden (Rust) prior to 1.35.5 is affected. In 1.35.4 and earlier, validate_webauthn_login() updates persistent credential flags before WebAuthn signature verification, allowing an attacker who knows a user’s password but cannot produce a valid WebAuthn signature to permanently modify backup ...

CVSS 5.4 | AI score 5.8 | EPSS 0.00036
Exploits: 1 | References: 2 | Affected Software: 1