CVE-2026-47160 in Vaultwarden
Summary
by MITRE • 07/15/2026
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's /icons/{domain}/icon.png endpoint used src/http_client.rs checks including should_block_address() and post_resolve() that missed decimal, hexadecimal, and octal IP representations, allowing SSRF through the icon-fetching HTTP client for blind internal network or port discovery. This issue is fixed in version 1.36.0.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/15/2026
The vulnerability identified in Vaultwarden versions prior to 1.36.0 represents a critical server-side request forgery flaw that undermines the security boundaries of the application's icon fetching functionality. This weakness resides within the /icons/{domain}/icon.png endpoint which serves as a mechanism for retrieving website icons to display in the user interface. The vulnerability stems from insufficient input validation in the HTTP client implementation located in src/http_client.rs, specifically within the should_block_address() and post_resolve() functions that are responsible for filtering potentially malicious IP address representations.
The technical flaw manifests through the inadequate handling of numeric IP address formats, where the validation logic fails to properly recognize and block decimal, hexadecimal, and octal representations of IP addresses. This oversight allows attackers to craft malicious requests that bypass the intended security checks, enabling them to make HTTP requests to internal network resources that would normally be restricted. The vulnerability specifically affects the icon fetching process where users can provide domain names or URLs, but the underlying HTTP client does not properly sanitize all possible numeric representations of IP addresses.
This issue creates significant operational impact by enabling blind internal network discovery and port scanning capabilities for attackers. Through carefully crafted requests to the vulnerable endpoint, threat actors can perform reconnaissance against internal systems without direct network access, potentially identifying open ports, services, or vulnerabilities within the organization's network infrastructure. The blind nature of this attack means that attackers cannot directly observe responses from internal systems but can infer information through timing variations or other indirect indicators, making detection more challenging.
The vulnerability aligns with CWE-918, which covers server-side request forgery vulnerabilities, and maps to ATT&CK technique T1046 for network service discovery. Organizations using Vaultwarden versions prior to 1.36.0 face increased risk of internal reconnaissance attacks that could lead to more severe exploitation attempts. The fix implemented in version 1.36.0 addresses this by enhancing the IP address validation logic to properly handle and block all numeric representations of IP addresses, ensuring that the HTTP client maintains proper security boundaries during icon fetching operations.
Security mitigations for this vulnerability include immediate upgrade to Vaultwarden version 1.36.0 or later, implementation of network-level firewalls to restrict outbound connections from the Vaultwarden server, and monitoring for anomalous requests to the icon endpoint. Organizations should also consider implementing additional input validation layers and regular security assessments of HTTP client implementations to prevent similar issues in other components. The vulnerability demonstrates the importance of comprehensive IP address parsing and validation in security-critical applications that handle external network requests.