Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
Typeapk
Namespacealpine
Nameopenbao
Version2.5.4-r0
Qualifiers
arch armhf
distroversion v3.23
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7mv8-td84-sff9
vulnerability_id VCID-7mv8-td84-sff9
summary 
OpenBao's Inline Auth Incorrectly Redacted Headers
### Impact

OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source authentication material and rotate it as appropriate.

### Patches

This is fixed in OpenBao v2.5.4.

### Resources

https://github.com/openbao/openbao/issues/3074
references
0
reference_url https://github.com/openbao/openbao
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao
1
reference_url https://github.com/openbao/openbao/commit/131c6966af4dfb4e1906703436eecdb8f2a3e9df
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/commit/131c6966af4dfb4e1906703436eecdb8f2a3e9df
2
reference_url https://github.com/openbao/openbao/issues/3074
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/issues/3074
3
reference_url https://github.com/openbao/openbao/pull/3076
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/pull/3076
4
reference_url https://github.com/openbao/openbao/releases/tag/v2.5.4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/releases/tag/v2.5.4
5
reference_url https://github.com/openbao/openbao/security/advisories/GHSA-q8cj-789h-vg24
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/security/advisories/GHSA-q8cj-789h-vg24
fixed_packages
0
url pkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openbao@2.5.4-r0%3Farch=armhf&distroversion=v3.23&reponame=community
aliases CVE-2026-46358, GHSA-q8cj-789h-vg24
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7mv8-td84-sff9
1
url VCID-kf8r-jwcm-jkae
vulnerability_id VCID-kf8r-jwcm-jkae
summary 
OpenBao's cross-namespace lease revocation via legacy sys/revoke path bypasses ACL
# Impact

OpenBao's namespaces provide multi-tenant separation. A tenant who intentionally leaks lease identifiers can have their lease and underlying credential revoked or renewed by a user in another tenant via the legacy, undocumented `sys/revoke` and `sys/renew` endpoints.

# Patch

This will be addressed in v2.5.4.
references
0
reference_url https://github.com/openbao/openbao
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao
1
reference_url https://github.com/openbao/openbao/commit/c0495646b41cea0e3f5a1030132e9cf5c2375b5c
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/commit/c0495646b41cea0e3f5a1030132e9cf5c2375b5c
2
reference_url https://github.com/openbao/openbao/pull/3152
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/pull/3152
3
reference_url https://github.com/openbao/openbao/releases/tag/v2.5.4
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/releases/tag/v2.5.4
4
reference_url https://github.com/openbao/openbao/security/advisories/GHSA-v8v8-cm84-m686
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/security/advisories/GHSA-v8v8-cm84-m686
fixed_packages
0
url pkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openbao@2.5.4-r0%3Farch=armhf&distroversion=v3.23&reponame=community
aliases CVE-2026-45808, GHSA-v8v8-cm84-m686
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kf8r-jwcm-jkae
2
url VCID-nck4-hdm9-mych
vulnerability_id VCID-nck4-hdm9-mych
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39946.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39946.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39946
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09909
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39946
2
reference_url https://github.com/openbao/openbao
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao
3
reference_url https://github.com/openbao/openbao/commit/80693a46ebb4fc2455f1c51ed1dd853b28c2fd77
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/commit/80693a46ebb4fc2455f1c51ed1dd853b28c2fd77
4
reference_url https://github.com/openbao/openbao/pull/2931
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/pull/2931
5
reference_url https://github.com/openbao/openbao/releases/tag/v2.5.3
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/releases/tag/v2.5.3
6
reference_url https://github.com/openbao/openbao/security/advisories/GHSA-6vgr-cp5c-ffx3
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:34:12Z/
url https://github.com/openbao/openbao/security/advisories/GHSA-6vgr-cp5c-ffx3
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39946
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39946
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2459953
reference_id 2459953
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2459953
fixed_packages
0
url pkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openbao@2.5.4-r0%3Farch=armhf&distroversion=v3.23&reponame=community
aliases CVE-2026-39946, GHSA-6vgr-cp5c-ffx3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nck4-hdm9-mych
3
url VCID-nh4x-pw9t-2kat
vulnerability_id VCID-nh4x-pw9t-2kat
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33758.json
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33758.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33758
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17252
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33758
2
reference_url https://github.com/openbao/openbao
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao
3
reference_url https://github.com/openbao/openbao/commit/6e2b2dd84f0e47cebc90d6e79609dd5274732662
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T18:55:28Z/
url https://github.com/openbao/openbao/commit/6e2b2dd84f0e47cebc90d6e79609dd5274732662
4
reference_url https://github.com/openbao/openbao/pull/2709
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T18:55:28Z/
url https://github.com/openbao/openbao/pull/2709
5
reference_url https://github.com/openbao/openbao/releases/tag/v2.5.2
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T18:55:28Z/
url https://github.com/openbao/openbao/releases/tag/v2.5.2
6
reference_url https://github.com/openbao/openbao/security/advisories/GHSA-cpj3-3r2f-xj59
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T18:55:28Z/
url https://github.com/openbao/openbao/security/advisories/GHSA-cpj3-3r2f-xj59
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33758
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33758
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2452294
reference_id 2452294
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2452294
fixed_packages
0
url pkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openbao@2.5.4-r0%3Farch=armhf&distroversion=v3.23&reponame=community
aliases CVE-2026-33758, GHSA-cpj3-3r2f-xj59
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nh4x-pw9t-2kat
4
url VCID-p1wn-u99g-tffd
vulnerability_id VCID-p1wn-u99g-tffd
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39396
reference_id
reference_type
scores
0
value 0.0004
scoring_system epss
scoring_elements 0.12461
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39396
1
reference_url https://github.com/openbao/openbao
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao
2
reference_url https://github.com/openbao/openbao/commit/af576af5322c6552a017ad10fd76aa4f40fd021e
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/commit/af576af5322c6552a017ad10fd76aa4f40fd021e
3
reference_url https://github.com/openbao/openbao/pull/2941
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/pull/2941
4
reference_url https://github.com/openbao/openbao/releases/tag/v2.5.3
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/releases/tag/v2.5.3
5
reference_url https://github.com/openbao/openbao/security/advisories/GHSA-r65v-xgwc-g56j
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T15:57:04Z/
url https://github.com/openbao/openbao/security/advisories/GHSA-r65v-xgwc-g56j
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39396
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39396
fixed_packages
0
url pkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openbao@2.5.4-r0%3Farch=armhf&distroversion=v3.23&reponame=community
aliases CVE-2026-39396, GHSA-r65v-xgwc-g56j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p1wn-u99g-tffd
5
url VCID-vw98-r2gn-9qa1
vulnerability_id VCID-vw98-r2gn-9qa1
summary 
OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens
### Impact

In OpenBao's Kerberos auth method on the `GET` handler, or when an `Authorization: Negotiate` header is supplied, the response is includes a `logical.Auth` object in addition to an error message. This results in tokens being created with only the default policy, default TTL, and no entity information, which are hidden by the returned error message. No access to these tokens by the caller occurs and the authentication token is not ever made accessible outside of `sys/raw`. At most this could cause storage usage.

### Patches

This is fixed in OpenBao v2.5.4. 

### Workarounds

Users may set a rate limit quota to limit the creation of these paths. As the path is unauthenticated, it isn't possible to deny access to it.

### Reporter

This was discovered by an anonymous reporter.
references
0
reference_url https://github.com/openbao/openbao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao
1
reference_url https://github.com/openbao/openbao/commit/0d82e0a5a3b6a93e8087bcbaf0b11326c12d4f4d
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/commit/0d82e0a5a3b6a93e8087bcbaf0b11326c12d4f4d
2
reference_url https://github.com/openbao/openbao/pull/3150
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/pull/3150
3
reference_url https://github.com/openbao/openbao/releases/tag/v2.5.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/releases/tag/v2.5.4
4
reference_url https://github.com/openbao/openbao/security/advisories/GHSA-7j6w-vvw2-5f9c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openbao/openbao/security/advisories/GHSA-7j6w-vvw2-5f9c
fixed_packages
0
url pkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openbao@2.5.4-r0%3Farch=armhf&distroversion=v3.23&reponame=community
aliases CVE-2026-46405, GHSA-7j6w-vvw2-5f9c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vw98-r2gn-9qa1
6
url VCID-x364-8k5z-9qhp
vulnerability_id VCID-x364-8k5z-9qhp
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5807.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5807.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-5807
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11402
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-5807
2
reference_url https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulnerable-to-denial-of-service-via-unauthenticated-root-token-generation-rekey-operations/77345
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-17T13:18:46Z/
url https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulnerable-to-denial-of-service-via-unauthenticated-root-token-generation-rekey-operations/77345
3
reference_url https://github.com/hashicorp/vault
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/vault
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-5807
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-5807
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2459109
reference_id 2459109
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2459109
fixed_packages
0
url pkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/openbao@2.5.4-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openbao@2.5.4-r0%3Farch=armhf&distroversion=v3.23&reponame=community
aliases CVE-2026-5807, GHSA-88v5-9hxc-f85r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x364-8k5z-9qhp
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/openbao@2.5.4-r0%3Farch=armhf&distroversion=v3.23&reponame=community