CVE-2026-27898 in dani-garcia vaultwardeninformação

Sumário (Inglês)

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, an authenticated regular user can specify another user’s cipher_id and call "PUT /api/ciphers/{id}/partial" Even though the standard retrieval API correctly denies access to that cipher, the partial update endpoint returns 200 OK and exposes cipherDetails (including name, notes, data, secureNote, etc.). This issue has been patched in version 1.35.4.

Responsável

GitHub_M

Reservar

24/02/2026

Divulgação

05/03/2026

Inscrições

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidade	CWE	Exp	Con	CVE
348864	dani-garcia vaultwarden Standard Retrieval API partial Elevação de Privilégios	639	Não definido	Correção oficial	CVE-2026-27898

Descrição

CPE

CWE

CVSS

Explorações

História

Diferença

Relacionar

Inteligência de ameaças

API JSON

API XML

API CSV

◂ VoltarVisão GeralPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!