PT-2026-33885 · Openbao+1 · Openbao+1

Published

2026-04-21

Updated

2026-05-27

CVE-2026-40264

CVSS v3.1

2.7

Low

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.3

Description OpenBao is an open source identity-based secrets management system that utilizes namespaces for multi-tenant separation. A flaw exists where a tenant that leaks token accessors may have their token revoked or renewed by a privileged administrator from a different tenant.

Recommendations Update to version 2.5.3.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1259

Related Identifiers

CVE-2026-40264

GHSA-P49J-V9WC-WG57

OPENSUSE-SU-2026:10594-1

Affected Products

Openbao

Red Os

PT-2026-33885 · Openbao+1 · Openbao+1

CVE-2026-40264

Weakness Enumeration

Related Identifiers

Affected Products

References · 19