CVE-2026-27898
Vaultwarden (unofficial Bitwarden-compatible server) is affected by CVE-2026-27898 prior to version 1.35.4. An authenticated regular user can specify another user’s cipher_id and call PUT /api/ciphers/{id}/partial; the endpoint returns 200 OK and exposes cipherDetails (name, notes, data, secureNo...