CVE-2026-27898 | dani-garcia vaultwarden up to 1.35.3 Standard Retrieval API partial authorization (GHSA-w9f8-m526-h7fh)

Inserito da Angelo Barbosa | Mar 5, 2026 | CVE

A vulnerability marked as critical has been reported in dani-garcia vaultwarden up to 1.35.3. This impacts an unknown function of the file /api/ciphers/{id}/partial of the component Standard Retrieval API. The manipulation leads to authorization bypass.

This vulnerability is listed as CVE-2026-27898. The attack may be initiated remotely. There is no available exploit.

It is suggested to upgrade the affected component.

CVE-2026-27898 | dani-garcia vaultwarden up to 1.35.3 Standard Retrieval API partial authorization (GHSA-w9f8-m526-h7fh)

Post correlati

CVE-2024-0975 | brandonwamboldt Access Control Plugin up to 4.0.13 on WordPress REST API access control

CVE-2024-9815 | Codezips Tourist Management System 1.0 create-package.php packageimage unrestricted upload

CVE-2024-57630 | MonetDB Server 11.49.1 SQL exps_card denial of service (Issue 7439)

CVE-2024-53094 | Linux Kernel up to 6.6.61/6.11.8 RDMA sendpage_ok stack-based overflow (3406bfc813a9/bb5738957d92/4e1e3dd88a4c)