3 matches found
CVE-2026-43913
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, an...
CVE-2026-43913 Vaultwarden: Unconfirmed Owner Can Purge Entire Organization Vault
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, an...
PT-2026-39863
Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.35.5 Description Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The issue exists because the 'POST /api/ciphers/purge' endpoint verifies that a user has the Owner...