CVE-2026-27802

Опубликовано: 04 мар. 2026

Источник: nvd

CVSS3: 8.3

EPSS Низкий

Описание

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4.

Ссылки

https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-r32r-j5jq-3w4m
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dani-garcia:vaultwarden:*:*:*:*:*:*:*:*

Версия до 1.35.4 (исключая)

EPSS

Процентиль: 14%

0.00045

Низкий

8.3 High

CVSS3

Дефекты

CWE-269

Связанные уязвимости

CVE-2026-27802

CVSS3: 8.1

redhat

23 дня назад

CVE-2026-27802

CVSS3: 8.3

debian

23 дня назад

Vaultwarden is an unofficial Bitwarden compatible server written in Ru ...

GHSA-r32r-j5jq-3w4m

CVSS3: 8.3

github

23 дня назад

Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager

EPSS

Процентиль: 14%

0.00045

Низкий

8.3 High

CVSS3

Дефекты

CWE-269