openbao — Vulnerabilities & Security Advisories 20

Browse all 20 CVE security advisories affecting openbao. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by openbao: openbao, openbao-plugins

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40264 | OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation | openbao | CWE-1259 | 8.1 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-39396 | OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS) | openbao | CWE-400 | 3.1 | Low | 2026-04-21 |
| CVE-2026-39388 | OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate | openbao | CWE-295 | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-39946 | OpenBao allows SQL Injection in PostgreSQL database secrets engine | openbao | CWE-89 | 8.8 | - | 2026-04-21 |
| CVE-2026-33758 | OpenBao has Reflected XSS in its OIDC authentication error message | openbao | CWE-20 | 6.1 | - | 2026-03-27 |
| CVE-2026-33757 | OpenBao lacks user confirmation for OIDC direct callback mode | openbao | CWE-384 | 9.6 | Critical | 2026-03-27 |
| CVE-2025-64761 | OpenBao Privileged Operator Identity Group Root Escalation | openbao | CWE-266 | 7.2 (AI) | High (AI) | 2025-11-25 |
| CVE-2025-59048 | OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method | openbao-plugins | CWE-863 | 8.1 | High | 2025-10-23 |
| CVE-2025-62705 | OpenBao and Vault Leak []byte Fields in Audit Logs | openbao | CWE-532 | 7.5 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-62513 | OpenBao leaks HTTPRawBody in Audit Logs | openbao | CWE-532 | 7.5 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-59043 | OpenBao vulnerable to denial of service via malicious JSON request processing | openbao | CWE-400 | 7.5 | High | 2025-10-17 |
| CVE-2025-55003 | OpenBao Login MFA Bypasses Rate Limiting and TOTP Token Reuse | openbao | CWE-307 | 5.7 | Medium | 2025-08-09 |
| CVE-2025-55001 | OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias | openbao | CWE-156 | 6.5 | Medium | 2025-08-09 |
| CVE-2025-55000 | OpenBao TOTP Secrets Engine Enables Code Reuse | openbao | CWE-156 | 6.5 | Medium | 2025-08-09 |
| CVE-2025-54999 | OpenBao: Timing Side-Channel in Userpass Auth Method | openbao | CWE-203 | 3.7 | Low | 2025-08-09 |
| CVE-2025-54998 | OpenBao Userpass and LDAP User Lockout Bypass | openbao | CWE-307 | 5.3 | Medium | 2025-08-09 |
| CVE-2025-54997 | OpenBao: Privileged Operator May Execute Code on the Underlying Host | openbao | CWE-94 | 9.1 | Critical | 2025-08-09 |
| CVE-2025-54996 | OpenBao Root Namespace Operator May Elevate Token Privileges | openbao | CWE-269 | 7.2 | High | 2025-08-09 |
| CVE-2025-52894 | OpenBao Vulnerable to Unauthenticated Rekey Operation Cancellation | openbao | CWE-20 | 7.5 (AI) | High (AI) | 2025-06-25 |
| CVE-2025-52893 | OpenBao May Leak Sensitive Information in Logs When Processing Malformed Data | openbao | CWE-532 | 4.5 | Medium | 2025-06-25 |

This page lists every published CVE security advisory associated with openbao. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.