Lucene search
+L

4 matches found

cvelist
cvelist
added 2026/06/25 7:9 p.m.21 views

CVE-2026-57521 Bitwarden Server < 2026.5.0 Broken Access Control via PreviewInvoiceController

Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers...

5.3CVSS0.00248EPSS
Exploits1References5
euvd
euvd
added 2026/06/25 7:9 p.m.9 views

EUVD-2026-39542

Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers...

5.3CVSS6AI score0.00248EPSS
Exploits1References5
cve
cve
added 2026/06/25 7:9 p.m.23 views

CVE-2026-57521

Bitwarden Server (pre-2026.5.0) has a broken access control in PreviewInvoiceController: any authenticated user can supply an arbitrary organizationId to access that organization’s billing data without membership checks. The issue stems from the missing ManageOrganizationBillingRequirement on the...

5.3CVSS6AI score0.00248EPSS
Exploits1References5Affected Software1
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.9 views

PT-2026-52575

Name of the Vulnerable Software and Affected Versions Bitwarden Server versions prior to 2026.5.0 Description Broken access control allows any authenticated user to access arbitrary organization billing data. By supplying an arbitrary organizationId to the PreviewInvoiceController endpoints, an...

5.3CVSS5.9AI score0.00248EPSS
Exploits1References9
Rows per page
Query Builder