Bitwarden Server
3 CVEs affecting Bitwarden Server. Latest disclosed: 2026-05-11. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-43640 | High | 8.1 | 2026-05-11 | Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an… |
| CVE-2026-43639 | High | 8.0 | 2026-05-11 | Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to thei… |
| CVE-2026-43638 | Medium | 5.4 | 2026-05-11 | Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organi… |