{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27801", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-24T02:31:33.266Z", "datePublished": "2026-03-04T21:32:14.614Z", "dateUpdated": "2026-03-05T15:30:50.274Z"}, "containers": {"cna": {"title": "Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement", "problemTypes": [{"descriptions": [{"cweId": "CWE-307", "lang": "en", "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-v6pg-v89r-w8wr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-v6pg-v89r-w8wr"}], "affected": [{"vendor": "dani-garcia", "product": "vaultwarden", "versions": [{"version": "< 1.35.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-04T21:32:14.614Z"}, "descriptions": [{"lang": "en", "value": "Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user\u2019s account can exploit this bypass to perform protected actions such as accessing the user\u2019s API key or deleting the user\u2019s vault and organisations the user is an admin/owner of . This issue has been patched in version 1.35.0."}], "source": {"advisory": "GHSA-v6pg-v89r-w8wr", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-v6pg-v89r-w8wr", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T15:30:47.611803Z", "id": "CVE-2026-27801", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:30:50.274Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27801", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-05T15:30:47.611803Z"}}}], "references": [{"url": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-v6pg-v89r-w8wr", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:30:41.252Z"}}], "cna": {"title": "Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement", "source": {"advisory": "GHSA-v6pg-v89r-w8wr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "dani-garcia", "product": "vaultwarden", "versions": [{"status": "affected", "version": "< 1.35.0"}]}], "references": [{"url": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-v6pg-v89r-w8wr", "name": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-v6pg-v89r-w8wr", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user\u2019s account can exploit this bypass to perform protected actions such as accessing the user\u2019s API key or deleting the user\u2019s vault and organisations the user is an admin/owner of . This issue has been patched in version 1.35.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-307", "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-04T21:32:14.614Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27801", "state": "PUBLISHED", "dateUpdated": "2026-03-05T15:30:50.274Z", "dateReserved": "2026-02-24T02:31:33.266Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-04T21:32:14.614Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dani-garcia:vaultwarden:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E2621A9-90DC-46B4-950C-FAC2EE6A6A50", "versionEndExcluding": "1.35.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user\u2019s account can exploit this bypass to perform protected actions such as accessing the user\u2019s API key or deleting the user\u2019s vault and organisations the user is an admin/owner of . This issue has been patched in version 1.35.0."}], "id": "CVE-2026-27801", "lastModified": "2026-03-06T19:45:34.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-04T22:16:17.897", "references": [{"source": "[email protected]", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-v6pg-v89r-w8wr"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-v6pg-v89r-w8wr"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "[email protected]", "type": "Secondary"}]}

{"bugzilla": {"description": "vaultwarden: Vaultwarden: Two-factor authentication bypass allows unauthorized access and data deletion.", "id": "2444677", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444677"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-307", "details": ["No description is available for this CVE."], "name": "CVE-2026-27801", "public_date": "2026-03-04T21:32:14Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-27801\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-27801\nhttps://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-v6pg-v89r-w8wr"], "statement": "This MODERATE vulnerability allows an authenticated attacker to bypass 2FA for protected actions via faulty rate limiting. Exploitation requires network access and low privileges (valid account). Impact includes high confidentiality loss (API key exposure), high integrity loss (vault/org deletion), and high availability loss (data destruction). Red Hat ships Vaultwarden in its community products.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.35.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "vaultwarden", "source": "cna", "vendor": "dani-garcia"}, "product": "vaultwarden", "vendor": "dani-garcia"}], "created": "2026-03-05T09:05:45.986412+00:00", "updated": "2026-03-05T09:05:45.986485+00:00", "vendors": ["dani-garcia", "dani-garcia$PRODUCT$vaultwarden"]}