Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Fedora 43 openbao Security Update 2026-41918b2b57 CVE Fixes DoS

fedora
Calendar Grey May 1, 2026
Scroller Fedora
Update openbao on Fedora 43 to fix critical issues including DoS and unauthorized token management vulnerabilities.
Update to upstream 2.5.3, fix CVE-2026-34986, CVE-2026-39388, CVE-2026-39396, CVE-2026-40264

Summary

Openbao secures, stores, and tightly controls access to tokens, passwords,

certificates, API keys, and other secrets in modern computing. Openbao handles

leasing, key revocation, key rolling, and auditing. Through a unified API, users

can access an encrypted Key/Value store and network encryption-as-a-service, or

generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH

credentials, and more.

Update Information:

Update to upstream 2.5.3, fix CVE-2026-34986, CVE-2026-39388, CVE-2026-39396, CVE-2026-40264

Change Log

* Tue Apr 21 2026 Dave Dykstra <2129743+DrDaveD@users.noreply.github.com> - 2.5.3-1 - update to upstream 2.5.3

References


[ 1 ] Bug #2455630 - CVE-2026-34986 openbao: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455630 [ 2 ] Bug #2459846 - openbao-2.5.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2459846 [ 3 ] Bug #2460057 - CVE-2026-39388 openbao: OpenBao: Token renewal vulnerability via incorrect certificate matching in Certificate authentication. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460057 [ 4 ] Bug #2460059 - CVE-2026-39396 openbao: OpenBao: Denial of Service via decompression bomb in OCI plugin extraction [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460059 [ 5 ] Bug #2460061 - CVE-2026-40264 openbao: OpenBao: Unauthorized token management by privileged administrator [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460061

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-41918b2b57' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: openbao
Product: Fedora 43
Version: 2.5.3
Release: 1.fc43
Summary: A tool for securely accessing secrets

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.