CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

NVD•added 2026/05/11 11:20 p.m.•7 views

CVE-2026-43911

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's securitystamp is rotated by some security-sensitive operations password change, KDF change, key rotation, email change, org admin password reset, emergency access...

8.1CVSS0.00035EPSS

Exploits1References1

EUVD•added 2026/05/11 9:54 p.m.•2 views

EUVD-2026-29339

6.8CVSS5.8AI score0.00035EPSS

Exploits1References1

AlpineLinux•added 2026/05/11 9:54 p.m.•6 views

CVE-2026-43911

8.1CVSS5.8AI score0.00035EPSS

Exploits1References1

CVE•added 2026/05/11 9:54 p.m.•10 views

CVE-2026-43911

Vaultwarden (Rust) prior to 1.35.5 does not invalidate refresh tokens when a user’s security_stamp is rotated during security-sensitive operations (password/KDF/key rotation, email change, org admin password reset, emergency access takeover). An attacker holding a previously issued refresh token ...

8.1CVSS5.8AI score0.00035EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/05/11 9:54 p.m.•3 views

CVE-2026-43911

6.8CVSS5.8AI score0.00035EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/05/11 9:54 p.m.•29 views

CVE-2026-43911 Vaultwarden: Refresh tokens not invalidated on security stamp rotation

6.8CVSS0.00035EPSS

Exploits1References1

Positive Technologies•added 2026/05/11 12:0 a.m.•6 views

PT-2026-39861

Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.35.5 Description Refresh tokens are not invalidated when a user's security stamp is rotated during security-sensitive operations, such as password changes, KDF changes, key rotation, email changes, organization...

6.8CVSS5.8AI score0.00035EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by