GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: steampipe, guac, sops, loki, tw, ko, containerd, wal-g, gptscript, crossplane-provider-aws-rds, chisel, eksctl, opentelemetry-collector, step, policy-controller, argo-events, caddy, syft, crossplane-provider-aws-sqs, fscrypt, witness,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: steampipe, guac, sops, loki, ko, containerd, wal-g, gptscript, chisel, eksctl, opentelemetry-collector, step, policy-controller, argo-events, caddy, syft, fscrypt, witness, crossplane-provider-azure-managedidentity, pulumi-language-dotnet, kyverno, rancher, terragrun...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: guac, loki, containerd, gptscript, opentelemetry-collector, step, argo-events, caddy, syft, fscrypt, witness, pulumi-language-dotnet, kyverno, rancher, terragrunt, trivy, trivy-operator, apko, scorecard, rancher-agent, pulumi-kubernetes-operator, skaffold, aactl,...
GHSA-8W8F-R2XV-4Q4J OpenBao: Transit secrets engine crashes on key creation with `derived: true` for asymmetric key types
On OpenBao 2.5.4 and 2.5.2, and likely earlier versions also, an authenticated caller with write access to `transit/keys/` can crash the OpenBao server by issuing a single key-creation request that combines an asymmetric type (rsa-, ecdsa-, ed25519) with `derived: true`. The server returns no HTTP respon...
GHSA-MWR2-WMGP-CRJ6 OpenBao's System Backend allows Unauthorized Management of the containing Namespace
Summary: A user that is granted namespace management (/sys/namespaces) capabilities within a non-root namespace (the "victim namespace") can abuse special handling of the literal path "root" in namespace path canonicalization to manage the victim namespace itself. Details: Several endpoints under...
GHSA-C36X-H252-G9X2 OpenBao: Cross-namespace lease revocation/renewal via canonical sys/leases/{revoke,renew} — incomplete fix of CVE-2026-45808
Summary: OpenBao users with access to the sys/leases/revoke/:leaseid endpoint in any namespace can revoke leases in any other namespace as long as the lease identifier is known to them, bypassing ACLs that should apply for cross-namespace revocations. Impact: OpenBao's namespaces provide multi-tena...
GHSA-6MWX-4547-5VC9 OpenBao: LDAPi ldaputil (wrong escape func)
Description: Component sdk/helper/ldaputil/client.go — the shared LDAP utility library used by both the LDAP authentication backend and OpenLDAP secrets engine to construct LDAP search filters and bind DNs. Root Cause: The LDAP utility contains a function selection error that causes incorrect...
CVE-2026-55775
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-19 11:28:42+00:00 | published-proof-of-concept | https://github.com/openbao/openbao/security/advisories/GHSA-mwr2-wmgp-crj6... |
PT-2026-51110
Name of the Vulnerable Software and Affected Versions: OpenBao versions prior to 2.5.5. Description: Users granted namespace management capabilities within a non-root namespace can abuse the canonicalization of the literal path "root" to manage the containing namespace itself. Several endpoints unde...
PT-2026-51111
Name of the Vulnerable Software and Affected Versions: OpenBao versions 2.5.2 through 2.5.4. Description: An authenticated user with write access to the transit/keys/ endpoint can cause a denial-of-service by crashing the server. This occurs when a key-creation request is sent combining an asymmetri...
CVE-2026-42186
A flaw was found in OpenBao. When the initial deletion of a namespace fails, subsequent attempts to remove it do not fully clear all associated data before the namespace is marked as deleted. This can result in residual data, such as outstanding leases and unrelated storage entries, not being...
[SECURITY] Fedora 44 Update: openbao-2.5.4-1.fc44
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...
Fedora 44 : openbao (2026-bf7889aec6)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-bf7889aec6 advisory. Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808 Tenable has extracted the preceding description blo...
Fedora 43 : openbao (2026-d4e8f0a731)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d4e8f0a731 advisory. Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808 Tenable has extracted the preceding description blo...
ROS-20260529-73-0014
The vulnerability in openbao is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20260529-73-0015
The vulnerability in openbao is related to improper session management. Exploiting this vulnerability can allow a remote attacker to intercept a user’s session...
OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens
Impact: In OpenBao's Kerberos auth method on the GET handler, or when an Authorization: Negotiate header is supplied, the response includes a logical.Auth object in addition to an error message. This results in tokens being created with only the default policy, default TTL, and no entity...
GHSA-7J6W-VVW2-5F9C OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens
Impact: In OpenBao's Kerberos auth method on the GET handler, or when an Authorization: Negotiate header is supplied, the response includes a logical.Auth object in addition to an error message. This results in tokens being created with only the default policy, default TTL, and no entity...
GHSA-Q8CJ-789H-VG24 OpenBao's Inline Auth Incorrectly Redacted Headers
Impact: OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source...
OpenBao's Inline Auth Incorrectly Redacted Headers
Impact: OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source...