SSO Metadata Exposure in Vaultwarden by Bitwarden
CVE-2026-47159
6.9MEDIUM
What is CVE-2026-47159?
Vaultwarden, a Bitwarden-compatible server built with Rust, was found to have a security flaw in its Single Sign-On (SSO) discovery and pre-validation processes. Prior to version 1.36.0, the application inadvertently exposed organization-related SSO metadata, including organizationIdentifier values associated with arbitrary email addresses. This flaw enabled an attacker to acquire valid pre-validation JSON Web Tokens (JWTs) using just the uncovered identifiers, which led to unauthorized organization enumeration and potential abuse of the authentication workflows. The issue has since been rectified in the latest release, version 1.36.0.
Affected Version(s)
vaultwarden < 1.36.0
