openbao

Top products

The 15 most recently published vulnerabilities affecting openbao.

• CVE-2026-42186OpenBao's Namespace Deletion May Not Delete Data Properly7.5May 14, 2026
• CVE-2026-40264OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation2.7Apr 21, 2026
• CVE-2026-39396OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)3.1Apr 21, 2026
• CVE-2026-39388OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate3.1Apr 21, 2026
• CVE-2026-39946OpenBao allows SQL Injection in PostgreSQL database secrets engine4.9Apr 21, 2026
• CVE-2026-33758OpenBao has Reflected XSS in its OIDC authentication error message6.1Mar 27, 2026
• CVE-2026-33757OpenBao lacks user confirmation for OIDC direct callback mode9.6Mar 27, 2026
• CVE-2025-64761OpenBao Privileged Operator Identity Group Root Escalation7.2Nov 25, 2025
• CVE-2025-59048OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method8.1Oct 23, 2025
• CVE-2025-62705OpenBao and Vault Leak []byte Fields in Audit Logs4.9Oct 22, 2025
• CVE-2025-62513OpenBao leaks HTTPRawBody in Audit Logs7.5Oct 22, 2025
• CVE-2025-59043OpenBao vulnerable to denial of service via malicious JSON request processing7.5Oct 17, 2025
• CVE-2025-55003OpenBao Login MFA Bypasses Rate Limiting and TOTP Token Reuse5.7Aug 9, 2025
• CVE-2025-55001OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias6.5Aug 9, 2025
• CVE-2025-55000OpenBao TOTP Secrets Engine Enables Code Reuse6.5Aug 9, 2025