6 matches found
CVE-2026-27802
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4...
CVE-2026-27802
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4...
CVE-2026-27802 Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4...
CVE-2026-27802
CVE-2026-27802 concerns Vaultwarden (unofficial Bitwarden-compatible server in Rust). A Privilege Escalation flaw allows a Manager (authorized user with access_all=false) to perform a bulk permission update that grants themselves access to collections they should not control. Multiple sources des...
CVE-2026-27802 Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4...
PT-2026-23071
Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.35.4 Description A Manager account with limited permissions was able to gain elevated privileges by using the bulk-access API to modify permissions on collections they were not originally authorized to access. T...