PT-2026-39862 · Unknown · Vaultwarden

Ch1Nhpd · Published 2026-05-11 · Updated 2026-05-15 · CVE-2026-43912

CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Vaultwarden versions prior to 1.35.5

Description: Vaultwarden fails to verify that organization UUID entries in group and collection management are consistent. Specifically, the server does not enforce that a groups_users.users_organizations_uuid entry belongs to the same organization as groups.groups_uuid, nor that a collections_groups.collections_uuid entry matches the organization of collections_groups.groups_uuid. This allows an attacker with administrative privileges in one organization and low-privileged access in another to bind a membership UUID from the second organization into a group in the first. By using an organization group with accessAll=true, the attacker can use the '/api/sync' and '/api/ciphers' endpoints to enumerate ciphers from the foreign organization. Once collection IDs are revealed, the attacker can bind those IDs to the group to obtain write access to the foreign organization's items.

Recommendations: Update to version 1.35.5.

Exploit

Fix

Improper Authorization


Weakness Enumeration

Related Identifiers

CVE-2026-43912

Affected Products

Vaultwarden