Alerts This Week
Warning Icon 1 840
Alerts This Week
Warning Icon 1 840

Fedora 43 vaultwarden Critical DoS and Access Issues Fix 2026-264f9ef567

fedora
Calendar Grey June 11, 2026
Dist Fedora Esm H88
Vaultwarden update to 1.36.0 for Fedora 43 addresses several security weaknesses; critical fixes included.
update to 1.36.0

Summary

Unofficial Bitwarden compatible server.

Update Information:

update to 1.36.0

Topics%20covered

Topics Covered

security advisory denial of service fedora vulnerability authorization bypass vaultwarden

Change Log

* Wed Jun 3 2026 Jonathan Wright - 1.36.0-1 - update to 1.36.0 rhbz#2368636 - Fix bitwarden mobile app not working rhbz#2437599 - Fix CVE-2025-58160 vaultwarden: Tracing log pollution - Fix CVE-2026-25537 vaultwarden: jsonwebtoken has Type Confusion that leads to potential authorization bypass - Fix CVE-2026-25727 vaultwarden: time affected by a stack exhaustion denial of service attack - Fix CVE-2026-26012 vaultwarden: Information disclosure due to bypassed collection permissions - Fix CVE-2026-27898 vaultwarden: Information disclosure via API partial update - Fix CVE-2026-27803 vaultwarden: Unauthorized collection management operations due to improper access control - Fix CVE-2026-27801 vaultwarden: Two-factor authentication bypass allows unauthorized access and data deletion * Sat Jan 17 2026 Fedora Release Engineering - 1.34.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Tue Jul 29 2025 Jonathan Wright - 1.34.2-1 - update to 1.34.2 rhbz#2368636

References


[ 1 ] Bug #2437473 - CVE-2026-25537 vaultwarden: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437473 [ 2 ] Bug #2438166 - CVE-2026-25727 vaultwarden: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438166 [ 3 ] Bug #2439261 - CVE-2026-26012 vaultwarden: Vaultwarden: Information disclosure due to bypassed collection permissions [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2439261

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-264f9ef567' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: vaultwarden
Product: Fedora 43
Version: 1.36.0
Release: 1.fc43
URL: https://github.com/dani-garcia/vaultwarden
Summary: Unofficial Bitwarden compatible server

Topics%20covered

Topics Covered

security advisory denial of service fedora vulnerability authorization bypass vaultwarden

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here