CVE-2026-43912: CWE-285: Improper Authorization in dani-garcia vaultwarden
Vaultwarden versions prior to 1. 35. 5 contain an improper authorization vulnerability that allows an attacker with admin privileges in one organization and low privileges in another to escalate access improperly. The flaw arises because Vaultwarden does not verify that group and collection membership entries belong to the same organization, enabling cross-organization binding of membership and collection IDs. This can lead to unauthorized read and write access to vault data across organizations. The vulnerability is identified as CWE-285 and has a CVSS score of 8. 7 (high severity). A fix is available in version 1. 35. 5.
AI Analysis
Technical Summary
Vaultwarden, a Bitwarden-compatible server, prior to version 1.35.5, fails to enforce organizational consistency checks on group and collection membership entries. Specifically, it does not verify that entries in groups_users.users_organizations_uuid correspond to the same organization as groups.groups_uuid, nor that collections_groups.collections_uuid correspond to collections_groups.groups_uuid. This allows an attacker who is an admin in Organization A and a low-privileged member in Organization B to bind their Organization B membership UUID into an Organization A group. By exploiting this, the attacker can enumerate and access Organization B's vault data through Organization A's group relationships, including reading and writing vault items. The vulnerability is fixed in Vaultwarden 1.35.5.
Potential Impact
An attacker with admin privileges in one organization and low privileges in another can bypass authorization controls to gain unauthorized read and write access to vault data in the second organization. This leads to a confidentiality and integrity breach of sensitive vault information across organizational boundaries. The CVSS score of 8.7 reflects the high impact on confidentiality and integrity, with no impact on availability.
Mitigation Recommendations
This vulnerability is fixed in Vaultwarden version 1.35.5. Users should upgrade to version 1.35.5 or later to remediate this issue. No other mitigation or temporary workaround is indicated. Patch status is confirmed by the vendor advisory stating the fix is included in version 1.35.5.
CVE-2026-43912: CWE-285: Improper Authorization in dani-garcia vaultwarden
Description
Vaultwarden versions prior to 1. 35. 5 contain an improper authorization vulnerability that allows an attacker with admin privileges in one organization and low privileges in another to escalate access improperly. The flaw arises because Vaultwarden does not verify that group and collection membership entries belong to the same organization, enabling cross-organization binding of membership and collection IDs. This can lead to unauthorized read and write access to vault data across organizations. The vulnerability is identified as CWE-285 and has a CVSS score of 8. 7 (high severity). A fix is available in version 1. 35. 5.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Vaultwarden, a Bitwarden-compatible server, prior to version 1.35.5, fails to enforce organizational consistency checks on group and collection membership entries. Specifically, it does not verify that entries in groups_users.users_organizations_uuid correspond to the same organization as groups.groups_uuid, nor that collections_groups.collections_uuid correspond to collections_groups.groups_uuid. This allows an attacker who is an admin in Organization A and a low-privileged member in Organization B to bind their Organization B membership UUID into an Organization A group. By exploiting this, the attacker can enumerate and access Organization B's vault data through Organization A's group relationships, including reading and writing vault items. The vulnerability is fixed in Vaultwarden 1.35.5.
Potential Impact
An attacker with admin privileges in one organization and low privileges in another can bypass authorization controls to gain unauthorized read and write access to vault data in the second organization. This leads to a confidentiality and integrity breach of sensitive vault information across organizational boundaries. The CVSS score of 8.7 reflects the high impact on confidentiality and integrity, with no impact on availability.
Mitigation Recommendations
This vulnerability is fixed in Vaultwarden version 1.35.5. Users should upgrade to version 1.35.5 or later to remediate this issue. No other mitigation or temporary workaround is indicated. Patch status is confirmed by the vendor advisory stating the fix is included in version 1.35.5.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-04T16:11:33.086Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a028743cbff5d86108b5074
Added to database: 5/12/2026, 1:49:55 AM
Last enriched: 5/12/2026, 1:52:05 AM
Last updated: 5/12/2026, 3:51:37 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.