
6 matches found

EUVD
added 2026/05/11 10:1 p.m., 9 views

EUVD-2026-29341

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, an...

CVSS 8.1, AI score 5.8, EPSS 0.00267
Exploits: 1, References: 1
Cvelist
added 2026/05/11 10:1 p.m., 39 views

CVE-2026-43913 Vaultwarden: Unconfirmed Owner Can Purge Entire Organization Vault

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, an...

CVSS 8.1, EPSS 0.00267
Exploits: 1, References: 1
Vulnrichment
added 2026/05/11 10:1 p.m., 9 views

CVE-2026-43913 Vaultwarden: Unconfirmed Owner Can Purge Entire Organization Vault

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, an...

CVSS 8.1, AI score 5.8, EPSS 0.00267
Exploits: 1, References: 1
AlpineLinux
added 2026/05/11 10:1 p.m., 8 views

CVE-2026-43913

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, an...

CVSS 8.1, AI score 5.8, EPSS 0.00267
Exploits: 1, References: 1
CVE
added 2026/05/11 10:1 p.m., 72 views

CVE-2026-43913

Vaultwarden (Rust) prior to 1.35.5 exposes a data-loss risk where an authenticated user who is an unconfirmed organization owner can purge the entire organization vault via POST /api/ciphers/purge. The purge check incorrectly validates only membership type Owner, not Confirmed status, allowing a ...

CVSS 8.1, AI score 5.8, EPSS 0.00267
Exploits: 1, References: 1, Affected Software: 1
Positive Technologies
added 2026/05/11 12:0 a.m., 13 views

PT-2026-39863

Name of the Vulnerable Software and Affected Versions: Vaultwarden versions prior to 1.35.5

Description: Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The issue exists because the 'POST /api/ciphers/purge' endpoint verifies that a user has the Owner...

CVSS 8.1, AI score 5.8, EPSS 0.00267
Exploits: 1, References: 3