LeakyCreds

CVE-2026-26012 - Vulnerability Analysis

Medium | CVSS: 6.5

Last Updated: February 13, 2026

Vaultwarden - Broken Access Control

Published: February 11, 2026 | Updated: February 13, 2026 | PoC Available | Remote Exploitable

Overview

Vaultwarden prior to 1.35.3 contains an information disclosure vulnerability caused by a lack of collection-level access control in the /ciphers/organization-details endpoint. Regular organization members can retrieve all organization ciphers. Exploitation requires organization membership.

Severity & Score

Severity: Medium
CVSS Score: 6.5
EPSS Score: 2.4% (Probability of exploitation in next 30 days)

Impact

Regular organization members can access all organization ciphers, exposing sensitive data beyond their permissions.

Mitigation

Update to version 1.35.3 or later.

Social Media Activity (1 post)

benzogaga33 :verified:
@benzogaga33
Feb 13, 2026

Vaultwarden – CVE-2026-26012: this flaw exposes your passwords to other users! https://www.it-connect.fr/vaultwarden-cve-2026-26012-cette-faille-expose-vos-mots-de-passe-aux-autres-utilisateurs/ #ActuCybersécurité #Cybersécurité #Vulnérabilité

Details

CVE ID: CVE-2026-26012
Severity: Medium
CVSS Score: 6.5
Type: broken_access_control
Status: confirmed
EPSS: 2.4%
Social Posts: 1

CWE

  • CWE-863

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

2.4% (Probability of exploitation in the next 30 days)