Home

Description

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, an authenticated regular user can specify another user’s cipher_id and call "PUT /api/ciphers/{id}/partial" Even though the standard retrieval API correctly denies access to that cipher, the partial update endpoint returns 200 OK and exposes cipherDetails (including name, notes, data, secureNote, etc.). This issue has been patched in version 1.35.4.

PUBLISHED Reserved 2026-02-24 | Published 2026-03-04 | Updated 2026-03-05 | Assigner GitHub_M




MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-639: Authorization Bypass Through User-Controlled Key

Product status

< 1.35.4
affected

References

github.com/...warden/security/advisories/GHSA-w9f8-m526-h7fh

cve.org (CVE-2026-27898)

nvd.nist.gov (CVE-2026-27898)

Download JSON