CVE-2026-43912

dani-garcia · vaultwarden

Vaultwarden is affected by an improper authorization vulnerability that allows highly privileged users to bypass security constraints, potentially compromising the entire server environment.

Executive summary

An improper authorization flaw in Vaultwarden versions prior to 1.35.5 permits high-privilege users to bypass security boundaries, creating a critical risk of full server compromise.

Vulnerability

This vulnerability is classified as CWE-285 (Improper Authorization). It allows a user with high privileges to execute actions or access resources outside their intended scope by exploiting flaws in the authorization enforcement mechanism.

Business impact

With a CVSS score of 8.7 (High), this vulnerability is severe because it allows for cross-security-boundary operations. Successful exploitation could lead to complete administrative compromise of the password server, resulting in the total loss of confidentiality and integrity for all stored secrets.

Remediation

Immediate Action: Update Vaultwarden to version 1.35.5 or later immediately to resolve the authorization bypass.

Proactive Monitoring: Conduct a thorough audit of administrative logs and user activity to ensure that no unauthorized configuration changes or data exports have occurred.

Compensating Controls: Restrict access to the management interface to internal, trusted networks and implement multi-factor authentication (MFA) to prevent unauthorized credential usage.

Exploitation status

Public Exploit Available: No (No confirmed public exploit exists in curated sources).

Analyst recommendation

The severity of this vulnerability, combined with the existence of a proof-of-concept, makes rapid remediation essential. Organizations must update their Vaultwarden instances to version 1.35.5 immediately to prevent potential exploitation and maintain the security of their stored secrets.