CVE-2026-27802

HIGH
2026-03-04 [email protected] GHSA-r32r-j5jq-3w4m
8.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

3
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 22:05 vuln.today
CVE Published
Mar 04, 2026 - 22:16 nvd
HIGH 8.3

Tags

Privilege Escalation Vaultwarden Redhat

Description

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4.

Analysis

Vaultwarden versions before 1.35.4 contain a privilege escalation vulnerability that allows authenticated Manager-level users to modify permissions on collections they should not have access to. An attacker with Manager role can exploit this during bulk permission updates to gain unauthorized access to sensitive collections. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Audit all Manager-role users in Vaultwarden and review recent collection access logs for suspicious activity. Within 7 days: Upgrade Vaultwarden to version 1.35.4 or later once available; if unavailable, implement network access controls restricting Manager role privileges. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

42
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +42
POC: 0

Vendor Status

Share

CVE-2026-27802 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy