CVE-2026-47158
CVE-2026-47158 – Vaultwarden (Rust) : A CSRF flaw in Vaultwarden’s SSO authorization flow prior to 1.36.0 allowed an unauthenticated attacker to induce IdP authentication and redeem tokens for a fully authenticated session. The root causes include: the OAuth state parameter from /connect/authoriz...