CVE-2026-43914
Vaultwarden · Vaultwarden
Vaultwarden is vulnerable to improper restriction of excessive authentication attempts, which may allow attackers to conduct brute-force attacks against user accounts.
Executive summary
Vaultwarden contains a vulnerability that fails to restrict excessive authentication attempts, increasing the risk of successful brute-force attacks.
Vulnerability
This vulnerability (CWE-307) involves the failure to properly restrict excessive authentication attempts. The vulnerability is network-accessible and does not require authentication to initiate, making it a target for remote brute-force operations.
Business impact
The CVSS score of 7.3 highlights the risk of unauthorized account access. If successfully exploited, an attacker could potentially gain control of user accounts, leading to the theft of stored credentials or sensitive vault data, which carries significant reputational and security consequences for organizations relying on Vaultwarden.
Remediation
Immediate Action: Update Vaultwarden to version 1.35.4 or later to ensure proper rate limiting on authentication attempts.
Proactive Monitoring: Monitor authentication logs for repeated failed login attempts from single IP addresses or abnormal surges in login traffic.
Compensating Controls: Implement multi-factor authentication (MFA) for all users and use rate-limiting features at the network edge or WAF level to block excessive authentication attempts.
Exploitation status
Public Exploit Available: No (Exploit available: unknown)
Analyst recommendation
Given the potential for automated exploitation, it is essential to patch to version 1.35.4 immediately. In addition to patching, organizations should enforce strong password policies and multi-factor authentication to provide defense-in-depth against credential-based attacks.