
openbao — Vulnerabilities & Security Advisories (19)

All 19 CVE vulnerabilities found in openbao, with AI-generated Chinese analysis, references, and POCs.

Vendor: openbao

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40264 | OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation | CWE-1259 | 8.1 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-39396 | OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS) | CWE-400 | 3.1 | Low | 2026-04-21 |
| CVE-2026-39388 | OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate | CWE-295 | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-39946 | OpenBao allows SQL Injection in PostgreSQL database secrets engine | CWE-89 | 8.8 | - | 2026-04-21 |
| CVE-2026-33758 | OpenBao has Reflected XSS in its OIDC authentication error message | CWE-20 | 6.1 | - | 2026-03-27 |
| CVE-2026-33757 | OpenBao lacks user confirmation for OIDC direct callback mode | CWE-384 | 9.6 | Critical | 2026-03-27 |
| CVE-2025-64761 | OpenBao Privileged Operator Identity Group Root Escalation | CWE-266 | 7.2 (AI) | High (AI) | 2025-11-25 |
| CVE-2025-62705 | OpenBao and Vault Leak []byte Fields in Audit Logs | CWE-532 | 7.5 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-62513 | OpenBao leaks HTTPRawBody in Audit Logs | CWE-532 | 7.5 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-59043 | OpenBao vulnerable to denial of service via malicious JSON request processing | CWE-400 | 7.5 | High | 2025-10-17 |
| CVE-2025-55003 | OpenBao Login MFA Bypasses Rate Limiting and TOTP Token Reuse | CWE-307 | 5.7 | Medium | 2025-08-09 |
| CVE-2025-55001 | OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias | CWE-156 | 6.5 | Medium | 2025-08-09 |
| CVE-2025-55000 | OpenBao TOTP Secrets Engine Enables Code Reuse | CWE-156 | 6.5 | Medium | 2025-08-09 |
| CVE-2025-54999 | OpenBao: Timing Side-Channel in Userpass Auth Method | CWE-203 | 3.7 | Low | 2025-08-09 |
| CVE-2025-54998 | OpenBao Userpass and LDAP User Lockout Bypass | CWE-307 | 5.3 | Medium | 2025-08-09 |
| CVE-2025-54997 | OpenBao: Privileged Operator May Execute Code on the Underlying Host | CWE-94 | 9.1 | Critical | 2025-08-09 |
| CVE-2025-54996 | OpenBao Root Namespace Operator May Elevate Token Privileges | CWE-269 | 7.2 | High | 2025-08-09 |
| CVE-2025-52894 | OpenBao Vulnerable to Unauthenticated Rekey Operation Cancellation | CWE-20 | 7.5 (AI) | High (AI) | 2025-06-25 |
| CVE-2025-52893 | OpenBao May Leak Sensitive Information in Logs When Processing Malformed Data | CWE-532 | 4.5 | Medium | 2025-06-25 |

Scores and severities marked (AI) carry the page's AI badge; a "-" in the Severity column means the page lists no severity for that entry.
