3 matches found
CVE-2026-33420
Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the getorgcollectionsdetails endpoint GET /api/organizations/orgid/collections/details is missing the hasfullaccess authorization check that exists on the sibling getorgcollections endpoint. This allows a...
CVE-2026-33420 Vaultwarden missing authorization check allows Manager-role users to enumerate all collections
Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the getorgcollectionsdetails endpoint GET /api/organizations/orgid/collections/details is missing the hasfullaccess authorization check that exists on the sibling getorgcollections endpoint. This allows a...
CVE-2026-33420
Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the getorgcollectionsdetails endpoint GET /api/organizations/orgid/collections/details is missing the hasfullaccess authorization check that exists on the sibling getorgcollections endpoint. This allows a...