Platform
rust
Component
vaultwarden
Fixed in
1.35.5
CVE-2026-27802 describes a privilege escalation vulnerability discovered in Vaultwarden, an unofficial Bitwarden-compatible server. The flaw allows an attacker who holds a Manager user account to perform bulk permission updates on collections without proper authorization, leading to potential unauthorized access and data manipulation. The vulnerability affects Vaultwarden versions prior to 1.35.4; a patch has been released in version 1.35.4.
The primary impact of CVE-2026-27802 is the potential for unauthorized access and modification of sensitive data stored within Vaultwarden. A malicious Manager user could leverage this vulnerability to escalate their privileges and gain control over collections, effectively bypassing access controls. This could lead to data breaches, data corruption, or even complete compromise of the Vaultwarden instance. The blast radius extends to all users whose data is stored within the affected collections, as an attacker could potentially read, modify, or delete their information. While the vulnerability requires a Manager user account, the ease of privilege escalation could allow an attacker to compromise the entire system if they can obtain such an account.
CVE-2026-27802 was publicly disclosed on 2026-03-04. No known public proof-of-concept (PoC) exploits are currently available, but the vulnerability's nature suggests it could be relatively easy to exploit once a PoC is developed. The EPSS score is likely to be medium, reflecting the potential impact and the requirement for a Manager account. It is not currently listed on the CISA KEV catalog.
Organizations and individuals relying on Vaultwarden for password management are at risk, particularly those with multiple Manager users or those who have not implemented strong access controls. Shared hosting environments where Vaultwarden instances are deployed alongside other applications are also at increased risk, as a compromise of one application could potentially lead to exploitation of this vulnerability.
• linux / server: Monitor Vaultwarden logs for unusual permission update requests originating from Manager accounts. Use journalctl -u vaultwarden to filter for relevant log entries.
  journalctl -u vaultwarden | grep "permission update" | grep "Manager"
• generic web: Monitor access logs for requests targeting the permission update endpoint. Look for requests originating from unusual IP addresses or user agents. Use curl to test endpoint exposure.
  curl -v <vaultwarden_url>/api/v1/collections/<collection_id>/permissions
Disclosure
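Added example, not code from the page or from the Vaultwarden project: a small Python detector that applies the monitoring advice above to reverse-proxy access logs, flagging any account that successfully hits the permissions endpoint named above for several distinct collections within a short window (the "bulk update" pattern). The log line layout, usernames, IP addresses and collection ids are constructed assumptions and do not reflect Vaultwarden's native log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (assumed layout: timestamp, client IP,
# authenticated user, method, path, status). Not Vaultwarden's own format.
SAMPLE_LOG = """\
2026-03-05T10:00:01Z 203.0.113.7 alice PUT /api/v1/collections/c1/permissions 200
2026-03-05T10:00:02Z 203.0.113.7 alice PUT /api/v1/collections/c2/permissions 200
2026-03-05T10:00:02Z 203.0.113.7 alice PUT /api/v1/collections/c3/permissions 200
2026-03-05T10:00:03Z 203.0.113.7 alice PUT /api/v1/collections/c4/permissions 200
2026-03-05T10:00:03Z 203.0.113.7 alice PUT /api/v1/collections/c5/permissions 200
2026-03-05T10:05:00Z 198.51.100.9 bob GET /api/v1/collections/c1 200
2026-03-05T11:00:00Z 198.51.100.9 bob PUT /api/v1/collections/c1/permissions 403
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")
# Endpoint path as given on the page, with the collection id captured.
PERM_RE = re.compile(r"^/api/v1/collections/([^/]+)/permissions$")


def parse_line(line):
    """Parse one assumed-format log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, user, method, path, status = m.groups()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "ip": ip,
            "user": user, "method": method, "path": path, "status": int(status)}


def find_bulk_permission_updates(log_text, threshold=3, window_seconds=60):
    """Return {(user, ip): n} for accounts with >= threshold successful permission
    updates on distinct collections inside any window_seconds-long window."""
    events = defaultdict(list)  # (user, ip) -> [(timestamp, collection_id)]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        m = PERM_RE.match(rec["path"])
        # Only successful write requests to the permissions endpoint count; a
        # denied (403) attempt is what the patched server is expected to return.
        if not m or rec["method"] not in ("PUT", "POST") or not 200 <= rec["status"] < 300:
            continue
        events[(rec["user"], rec["ip"])].append((rec["ts"], m.group(1)))
    flagged, window = {}, timedelta(seconds=window_seconds)
    for key, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):  # sliding window over sorted events
            in_window = {cid for ts, cid in evs[i:] if ts - start <= window}
            if len(in_window) >= threshold:
                flagged[key] = max(flagged.get(key, 0), len(in_window))
    return flagged
```

Tune threshold and window_seconds to the normal rate of collection administration on your instance before alerting on the result.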
Exploit status
EPSS
0.04% (14th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-27802 is to immediately upgrade Vaultwarden to version 1.35.4 or later. If an upgrade is not immediately feasible due to compatibility concerns or system downtime constraints, consider implementing stricter access controls for Manager users. This could involve multi-factor authentication (MFA) for Manager accounts and regular audits of user permissions. While a WAF or proxy cannot directly prevent this vulnerability, it can help detect and block suspicious activity related to permission updates. After upgrading, verify the fix by attempting to perform a bulk permission update as a Manager user; the operation should be denied.
Update Vaultwarden to version 1.35.4 or higher. This version contains the fix for the privilege escalation vulnerability.
CVE-2026-27802 is a HIGH severity vulnerability in Vaultwarden versions ≤ 1.35.4 that allows a Manager user to escalate privileges and potentially gain unauthorized access to collections.
If you are running Vaultwarden version 1.35.4 or earlier, you are affected by this vulnerability. Upgrade to version 1.35.4 to mitigate the risk.
The recommended fix is to upgrade Vaultwarden to version 1.35.4 or later. If an upgrade is not immediately possible, implement stricter access controls for Manager users.
There are currently no confirmed reports of active exploitation, but the vulnerability's nature suggests it could be exploited once a proof-of-concept is developed.
Refer to the Vaultwarden GitHub repository for the latest security advisories and updates: [https://github.com/vaultwarden/vaultwarden](https://github.com/vaultwarden/vaultwarden)