SSO Metadata Exposure in Vaultwarden by Bitwarden
CVE-2026-47159

6.9MEDIUM

Key Information:

Vendor
CVE Published:
15 July 2026

What is CVE-2026-47159?

Vaultwarden, a Bitwarden-compatible server built with Rust, was found to have a security flaw in its Single Sign-On (SSO) discovery and pre-validation processes. Prior to version 1.36.0, the application inadvertently exposed organization-related SSO metadata, including organizationIdentifier values associated with arbitrary email addresses. This flaw enabled an attacker to acquire valid pre-validation JSON Web Tokens (JWTs) using just the uncovered identifiers, which led to unauthorized organization enumeration and potential abuse of the authentication workflows. The issue has since been rectified in the latest release, version 1.36.0.

Affected Version(s)

vaultwarden < 1.36.0

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.