PT-2026-60204 · Dani Garcia · Vaultwarden

Published

2026-07-15

·

Updated

2026-07-15

·

CVE-2026-47164

CVSS v3.1

7.7

High

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the IdP email verified claim only for new-user creation and not when SSO SIGNUPS MATCH EMAIL=true linked an IdP identity to an existing local account, allowing an attacker-controlled IdP identity asserting a victim email address to bind to and authenticate as that account. This issue is fixed in version 1.36.0.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-47164

Affected Products

Vaultwarden