4 matches found

Source: EUVD | added 2026/05/11 9:56 p.m. | 10 views

EUVD-2026-29340

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_users.users_organizations_uuid entry belongs to the same organization as groups.groupsuuid, or that a collections_groups.collections_uuid entry belongs to the same organization as...

CVSS 8.7 | AI score 5.9 | EPSS 0.00289
Exploits 1 | References 1
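The defect class above is a link row (group to member, collection to group) whose two sides are never checked to belong to the same organization. The following is an added illustration, not Vaultwarden's code or schema: a hypothetical in-memory store with the same relationship shape, showing the unchecked insert beside the variant that verifies both sides share an organization before the link is recorded. All names (Store, Group, UserOrg, LinkError, the org-a/org-b fixture) are assumptions introduced for this example.

```rust
use std::collections::HashMap;

// Hypothetical in-memory model (not Vaultwarden's schema): a group, a user's
// organization membership and a collection each belong to one organization,
// and a link row must not join entities from two different organizations.
#[derive(Debug, Clone)]
struct Group { org_uuid: String }
#[derive(Debug, Clone)]
struct UserOrg { org_uuid: String }
#[derive(Debug, Clone)]
struct Collection { org_uuid: String }

#[derive(Debug, PartialEq)]
enum LinkError { NotFound, CrossOrganization }

#[derive(Default)]
struct Store {
    groups: HashMap<String, Group>,            // group uuid -> group
    user_orgs: HashMap<String, UserOrg>,       // membership uuid -> membership
    collections: HashMap<String, Collection>,  // collection uuid -> collection
    groups_users: Vec<(String, String)>,       // (group uuid, membership uuid)
    collections_groups: Vec<(String, String)>, // (collection uuid, group uuid)
}

impl Store {
    /// Vulnerable pattern: accepts the pair as long as both referenced rows exist.
    fn add_user_to_group_unchecked(&mut self, group_uuid: &str, member_uuid: &str) -> Result<(), LinkError> {
        if !self.groups.contains_key(group_uuid) || !self.user_orgs.contains_key(member_uuid) {
            return Err(LinkError::NotFound);
        }
        self.groups_users.push((group_uuid.to_string(), member_uuid.to_string()));
        Ok(())
    }

    /// Hardened: the group and the membership must belong to the same organization.
    fn add_user_to_group(&mut self, group_uuid: &str, member_uuid: &str) -> Result<(), LinkError> {
        let group = self.groups.get(group_uuid).ok_or(LinkError::NotFound)?;
        let member = self.user_orgs.get(member_uuid).ok_or(LinkError::NotFound)?;
        if group.org_uuid != member.org_uuid {
            return Err(LinkError::CrossOrganization);
        }
        self.groups_users.push((group_uuid.to_string(), member_uuid.to_string()));
        Ok(())
    }

    /// Same rule for collection-to-group links.
    fn add_collection_to_group(&mut self, collection_uuid: &str, group_uuid: &str) -> Result<(), LinkError> {
        let collection = self.collections.get(collection_uuid).ok_or(LinkError::NotFound)?;
        let group = self.groups.get(group_uuid).ok_or(LinkError::NotFound)?;
        if collection.org_uuid != group.org_uuid {
            return Err(LinkError::CrossOrganization);
        }
        self.collections_groups.push((collection_uuid.to_string(), group_uuid.to_string()));
        Ok(())
    }
}

/// Constructed fixture: org A owns group g-a and collection c-a; org B owns
/// group g-b and membership m-b. Returns the outcome of one cross-organization
/// link per path plus one valid same-organization link.
fn demo() -> [Result<(), LinkError>; 4] {
    let mut store = Store::default();
    store.groups.insert("g-a".into(), Group { org_uuid: "org-a".into() });
    store.groups.insert("g-b".into(), Group { org_uuid: "org-b".into() });
    store.collections.insert("c-a".into(), Collection { org_uuid: "org-a".into() });
    store.user_orgs.insert("m-b".into(), UserOrg { org_uuid: "org-b".into() });

    [
        store.add_user_to_group_unchecked("g-a", "m-b"), // org B member placed in an org A group
        store.add_user_to_group("g-a", "m-b"),           // same request, rejected
        store.add_collection_to_group("c-a", "g-b"),     // org A collection shared with an org B group, rejected
        store.add_user_to_group("g-b", "m-b"),           // same organization, accepted
    ]
}

fn main() {
    for (i, r) in demo().iter().enumerate() {
        println!("link {}: {:?}", i, r);
    }
}
```

The check belongs at the point where the link row is written, so it also covers requests that arrive through other endpoints reusing the same helper; a database foreign key alone cannot express it, because both referenced rows exist, just in different organizations.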
Source: ATTACKERKB | added 2026/05/11 9:54 p.m. | 7 views

CVE-2026-43911

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's security_stamp is rotated by security-sensitive operations such as password change, KDF change, key rotation, email change, org admin password reset, emergency access...

CVSS 6.8 | AI score 5.8 | EPSS 0.00216
Exploits 1 | References 2 | Affected Software 1
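The security stamp pattern only invalidates sessions if the refresh path actually compares the stamp snapshot carried by the token against the user's current stamp. The following is an added example, not Vaultwarden's code: a hypothetical server where the stamp is a counter (a real server would use a random value and carry it as a signed token claim), showing a refresh check that ignores the stamp beside one that rejects any token issued before the last rotation. Server, User, RefreshToken, RefreshOutcome and the user-1 scenario are assumptions for this example.

```rust
use std::collections::HashMap;

// Hypothetical server state (not Vaultwarden's code). The security stamp is a
// counter for determinism; a real server would use a random value and put the
// stamp into a signed token claim rather than a plain struct field.
struct User { security_stamp: u64 }

#[derive(Debug, Clone)]
struct RefreshToken { user_uuid: String, security_stamp: u64 }

#[derive(Debug, PartialEq)]
enum RefreshOutcome { Accepted, Rejected }

#[derive(Default)]
struct Server { users: HashMap<String, User>, next_stamp: u64 }

impl Server {
    fn add_user(&mut self, uuid: &str) {
        self.next_stamp += 1;
        self.users.insert(uuid.to_string(), User { security_stamp: self.next_stamp });
    }

    /// The token snapshots the stamp that was current when it was issued.
    fn issue_refresh_token(&self, user_uuid: &str) -> Option<RefreshToken> {
        let user = self.users.get(user_uuid)?;
        Some(RefreshToken { user_uuid: user_uuid.to_string(), security_stamp: user.security_stamp })
    }

    /// Called by security-sensitive operations (password change, KDF change, key
    /// rotation, email change, ...). After this, the stamp snapshot inside every
    /// previously issued token is stale.
    fn rotate_security_stamp(&mut self, user_uuid: &str) {
        if let Some(user) = self.users.get_mut(user_uuid) {
            self.next_stamp += 1;
            user.security_stamp = self.next_stamp;
        }
    }

    /// Vulnerable pattern: any well-formed token for an existing user is accepted,
    /// so a token issued before a password change keeps working.
    fn refresh_unchecked(&self, token: &RefreshToken) -> RefreshOutcome {
        if self.users.contains_key(&token.user_uuid) {
            RefreshOutcome::Accepted
        } else {
            RefreshOutcome::Rejected
        }
    }

    /// Hardened: the token's stamp snapshot must equal the user's current stamp.
    fn refresh_checked(&self, token: &RefreshToken) -> RefreshOutcome {
        match self.users.get(&token.user_uuid) {
            Some(user) if user.security_stamp == token.security_stamp => RefreshOutcome::Accepted,
            _ => RefreshOutcome::Rejected,
        }
    }
}

/// Constructed scenario: a refresh token is issued, then the user's stamp is
/// rotated (as a password change would). Returns (unchecked outcome for the old
/// token, checked outcome for the old token, checked outcome for a fresh token).
fn demo() -> (RefreshOutcome, RefreshOutcome, RefreshOutcome) {
    let mut server = Server::default();
    server.add_user("user-1");
    let old = server.issue_refresh_token("user-1").unwrap();
    server.rotate_security_stamp("user-1");
    let fresh = server.issue_refresh_token("user-1").unwrap();
    (
        server.refresh_unchecked(&old),
        server.refresh_checked(&old),
        server.refresh_checked(&fresh),
    )
}

fn main() {
    let (unchecked, checked_old, checked_fresh) = demo();
    println!("old token, no stamp check: {:?}", unchecked);
    println!("old token, stamp check:    {:?}", checked_old);
    println!("fresh token, stamp check:  {:?}", checked_fresh);
}
```

When verifying a fix of this kind, the test that matters is the one in demo(): issue, rotate, then try the old token. A suite that only checks "fresh token works" passes against both versions.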
Source: CVE | added 2026/05/05 7:12 p.m. | 21 views

CVE-2026-33420

Vaultwarden (Rust) versions 1.35.4 and earlier are affected by a missing has_full_access() authorization check on GET /api/organizations/{org_id}/collections/details, allowing any Manager-role user with accessAll=False and no collection assignments to enumerate all collections’ names, UUIDs, user...

CVSS 5.3 | AI score 5.8 | EPSS 0.0017
Exploits 0 | References 2 | Affected Software 1
Source: Vulnrichment | added 2026/05/05 7:12 p.m. | 5 views

CVE-2026-33420 Vaultwarden missing authorization check allows Manager-role users to enumerate all collections

Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpoint (GET /api/organizations/{org_id}/collections/details) is missing the has_full_access authorization check that exists on the sibling get_org_collections endpoint. This allows a...

CVSS 5.3 | AI score 5.8 | EPSS 0.0017
Exploits 0 | References 2
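Both CVE-2026-33420 entries above describe the same shape: two endpoints list the same objects, and only one of them applies the access rule. The following is an added example, not Vaultwarden's code: a hypothetical membership model with the fields the entries name (role, accessAll, assigned collections), a has_full_access rule whose semantics (Owner and Admin, or any role with accessAll) are assumed for this example, and the details listing written once without the check and once mirroring the sibling endpoint. Membership, CollectionDetails, sample_org and the collection names are assumptions.

```rust
// Hypothetical model (not Vaultwarden's code) of the membership fields the
// advisory names (role, accessAll, assigned collections) and of the check the
// sibling endpoint applies before listing collections.
#[derive(Debug, Clone, Copy, PartialEq)]
enum Role { Owner, Admin, Manager, User }

struct Membership {
    role: Role,
    access_all: bool,
    assigned: Vec<String>, // uuids of collections explicitly assigned to this member
}

#[derive(Debug, Clone, PartialEq)]
struct CollectionDetails { uuid: String, name: String }

impl Membership {
    /// Assumed semantics for this example: Owner and Admin, or any role flagged
    /// accessAll, see every collection; a Manager without accessAll does not.
    fn has_full_access(&self) -> bool {
        self.access_all || matches!(self.role, Role::Owner | Role::Admin)
    }
}

/// Vulnerable pattern: the details listing ignores the caller's access and
/// returns every collection in the organization.
fn collections_details_unchecked(org: &[CollectionDetails], _m: &Membership) -> Vec<CollectionDetails> {
    org.to_vec()
}

/// Hardened: the same rule as the sibling collections endpoint; without full
/// access only explicitly assigned collections are returned.
fn collections_details_checked(org: &[CollectionDetails], m: &Membership) -> Vec<CollectionDetails> {
    if m.has_full_access() {
        return org.to_vec();
    }
    org.iter().filter(|c| m.assigned.contains(&c.uuid)).cloned().collect()
}

/// Constructed organization with three collections (names are made up).
fn sample_org() -> Vec<CollectionDetails> {
    ["finance", "hr", "engineering"]
        .iter()
        .enumerate()
        .map(|(i, n)| CollectionDetails { uuid: format!("col-{}", i), name: n.to_string() })
        .collect()
}

/// Returns how many collections each caller sees: (manager via the unchecked
/// listing, manager via the checked listing, user with one assignment via the
/// checked listing, admin via the checked listing).
fn demo() -> (usize, usize, usize, usize) {
    let org = sample_org();
    let manager = Membership { role: Role::Manager, access_all: false, assigned: vec![] };
    let user = Membership { role: Role::User, access_all: false, assigned: vec!["col-1".to_string()] };
    let admin = Membership { role: Role::Admin, access_all: false, assigned: vec![] };
    (
        collections_details_unchecked(&org, &manager).len(),
        collections_details_checked(&org, &manager).len(),
        collections_details_checked(&org, &user).len(),
        collections_details_checked(&org, &admin).len(),
    )
}

fn main() {
    let org = sample_org();
    let owner = Membership { role: Role::Owner, access_all: false, assigned: vec![] };
    for c in collections_details_checked(&org, &owner) {
        println!("{} {}", c.uuid, c.name);
    }
    println!("{:?}", demo());
}
```

The practical check for a code base with sibling endpoints is to route both through one filtering helper, so that adding a second listing view cannot silently drop the rule; the manager-with-no-assignments case in demo() is the regression test that distinguishes the two versions.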