CVE-2026-47158

dani-garcia · vaultwarden

Vaultwarden is affected by a Cross-Site Request Forgery vulnerability that could permit unauthorized actions if a user is tricked into performing a malicious request.

Executive summary

A high-severity Cross-Site Request Forgery vulnerability in the Vaultwarden server could allow an attacker to perform unauthorized actions on behalf of a logged-in user.

Vulnerability

The software is vulnerable to Cross-Site Request Forgery (CWE-352), which allows an unauthenticated attacker to trick a user into executing unintended actions within the Vaultwarden application.

Business impact

The CVSS score of 8.3 reflects the high risk posed by this vulnerability. Successful exploitation could compromise sensitive credentials stored within the Vaultwarden server, leading to widespread unauthorized access to other protected systems and services managed by the compromised accounts.

Remediation

Immediate Action: Update the Vaultwarden server to version 1.36.0 or later immediately.

Proactive Monitoring: Review web server logs for suspicious requests that originate from external sites or unexpected sources.

Compensating Controls: Ensure that SameSite cookie attributes are strictly enforced and consider utilizing a WAF to filter out potential CSRF attack vectors.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

Because this vulnerability targets a password management server, the risk of data compromise is extremely high. Operators must apply the update to version 1.36.0 as soon as possible to protect the integrity of the stored credentials.