CVE-2026-47158
dani-garcia · vaultwarden
Vaultwarden is affected by a Cross-Site Request Forgery vulnerability that could permit unauthorized actions if a user is tricked into performing a malicious request.
Executive summary
A high-severity Cross-Site Request Forgery vulnerability in the Vaultwarden server could allow an attacker to perform unauthorized actions on behalf of a logged-in user.
Vulnerability
The software is vulnerable to Cross-Site Request Forgery (CWE-352), which allows an unauthenticated attacker to trick a user into executing unintended actions within the Vaultwarden application.
Business impact
The CVSS score of 8.3 reflects the high risk posed by this vulnerability. Successful exploitation could compromise sensitive credentials stored within the Vaultwarden server, leading to widespread unauthorized access to other protected systems and services managed by the compromised accounts.
Remediation
Immediate Action: Update the Vaultwarden server to version 1.36.0 or later immediately.
Proactive Monitoring: Review web server logs for suspicious requests that originate from external sites or unexpected sources.
Compensating Controls: Ensure that SameSite cookie attributes are strictly enforced and consider utilizing a WAF to filter out potential CSRF attack vectors.
Exploitation status
Public Exploit Available: No (exploit_available: false)
Analyst recommendation
Because this vulnerability targets a password management server, the risk of data compromise is extremely high. Operators must apply the update to version 1.36.0 as soon as possible to protect the integrity of the stored credentials.