6 matches found
CVE-2026-43913
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, an...
CVE-2026-43913 Vaultwarden: Unconfirmed Owner Can Purge Entire Organization Vault
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, an...
CVE-2026-43913
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, an...
CVE-2026-43913
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, an...
CVE-2026-43913 Vaultwarden: Unconfirmed Owner Can Purge Entire Organization Vault
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, an...
CVE-2026-43913
Vaultwarden (Rust) prior to 1.35.5 exposes a data-loss risk where an authenticated user who is an unconfirmed organization owner can purge the entire organization vault via POST /api/ciphers/purge. The purge check incorrectly validates only membership type Owner, not Confirmed status, allowing a ...