โ† All reports

Prior to version 2.5.3, OpenBao had vulnerabilities that allowed tenant token accessors to be revoked or renewed by privileged administrators, posing a security risk.

Cybersecurity · Technology · Conflict · Apr 21, 2026 · score 0.172 posts · 0 replies across 1 instances
The thread discusses two vulnerabilities in the OpenBao software, both related to security issues in its handling of container images and token management. These vulnerabilities highlight potential risks in the software's security features, which could impact the reliability and safety of systems using OpenBao.

Claims

Prior to version 2.5.3, OpenBao had vulnerabilities that allowed tenant token accessors to be revoked or renewed by privileged administrators, posing a security risk.
Parent: Software Security · Entity: OpenBao · Impact: negative · Date: Apr 21, 2026 · Target: The security of OpenBao prior to version 2.5.3
Prior to version 2.5.3, OpenBao's OCI plugin downloader had a vulnerability that allowed insecure extraction of plugin binaries from container images, creating a potential security risk.
Parent: Software Security · Entity: OpenBao · Impact: negative · Date: Apr 21, 2026 · Target: The security of OpenBao prior to version 2.5.3

Source posts

@[email protected]
🚨 EUVD-2026-24035 📊 Score: 4.6/10 (CVSS v3.1) 📦 Product: openbao 🏢 Vendor: openbao 📅 Updated: 2026-04-21 📝 OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by Postgre... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-24035 #cybersecurity #infosec #euvd #cve #vulnerability
1 boosts · 0 favs · 0 replies · Apr 21, 2026
@[email protected]
🚨 EUVD-2026-24029 📊 Score: 2.0/10 (CVSS v3.1) 📦 Product: openbao 🏢 Vendor: openbao 📅 Updated: 2026-04-21 📝 OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and `disable_binding=true` is set, attempts to verify the current request's presented m... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-24029 #cybersecurity #infosec #euvd #cve #vulnerability
1 boosts · 0 favs · 0 replies · Apr 21, 2026
@[email protected]
🚨 EUVD-2026-24031 📊 Score: 3.1/10 (CVSS v3.1) 📦 Product: openbao 🏢 Vendor: openbao 📅 Updated: 2026-04-21 📝 OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via `io.Copy` with no... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-24031 #cybersecurity #infosec #euvd #cve #vulnerability
0 boosts · 0 favs · 0 replies · Apr 21, 2026
@[email protected]
🚨 EUVD-2026-24037 📊 Score: 2.0/10 (CVSS v3.1) 📦 Product: openbao 🏢 Vendor: openbao 📅 Updated: 2026-04-21 📝 OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in anot... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-24037 #cybersecurity #infosec #euvd #cve #vulnerability
0 boosts · 0 favs · 0 replies · Apr 21, 2026