CVE-2026-27803
published 2026-03-04

Priority: P351, high, 8.3 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:L
EPSS: 0.29% (20.3th percentile)

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue has been patched in version 1.35.4.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dani-garcia | vaultwarden | < 1.35.4 | 1.35.4 |
| dani-garcia | vaultwarden | >= 0 < 1.35.4 | 1.35.4 |

CVSS provenance

nvd: v3.1, 8.3 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
vendor_redhat: 8.3 HIGH