PT-2026-60203 · Dani Garcia · Vaultwarden

Published

2026-07-15

·

Updated

2026-07-15

·

CVE-2026-47160

CVSS v3.1

5.8

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's /icons/{domain}/icon.png endpoint used src/http client.rs checks including should block address() and post resolve() that missed decimal, hexadecimal, and octal IP representations, allowing SSRF through the icon-fetching HTTP client for blind internal network or port discovery. This issue is fixed in version 1.36.0.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-47160

Affected Products

Vaultwarden