CVE-2026-39946

Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.3

Description OpenBao is an open source identity-based secrets management system. In the PostgreSQL database secrets engine, the system fails to use proper database quoting on schema names provided by PostgreSQL when revoking privileges on a role. This flaw can result in role revocation failures or, in rare cases, SQL injection as the management user.

Recommendations Update to version 2.5.3. Audit table schemas and ensure database users cannot create new schemas or grant privileges on them.