OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate

Background OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Token renewals for other authentication methods do not require any supplied login...

CVE-2026-39388

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...

CVE-2026-39388 OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design th...

KLA10461 Security bypass vulnerability in multiple products

Using of the same certificate was found in multiple products. By exploiting this vulnerability malicious users bypass security restrictions. This vulnerability can be exploited remotely via a man-in-the-middle attack. Original advisories - Related products VisualDiscovery CVE list CVE-2015-2077...