Skip to content

Vaultwarden has Unauthorized Access via Partial Update API on Another User’s Cipher

Moderate severity GitHub Reviewed Published Mar 4, 2026 in dani-garcia/vaultwarden • Updated Mar 4, 2026

Package

cargo vaultwarden (Rust)

Affected versions

<= 1.35.3

Patched versions

1.35.4

Description

Summary

In the test environment, it was confirmed that an authenticated regular user can specify another user’s cipher_id and call:

PUT /api/ciphers/{id}/partial

Even though the standard retrieval API correctly denies access to that cipher, the partial update endpoint returns 200 OK and exposes cipherDetails (including name, notes, data, secureNote, etc.).

Description

put_cipher_partial retrieves the target Cipher but does not perform ownership or access control checks before returning to_json.
Authorization checks present in the normal update API are missing here.
src/api/core/ciphers.rs:717

let Some(cipher) = Cipher::find_by_uuid(&cipher_id, &conn).await else {
    err!("Cipher doesn't exist")
};

if let Some(ref folder_id) = data.folder_id {
    if Folder::find_by_uuid_and_user(folder_id, &headers.user.uuid, &conn).await.is_none() {
        err!("Invalid folder", "Folder does not exist or belongs to another user");
    }
}

// Move cipher
cipher.move_to_folder(data.folder_id.clone(), &headers.user.uuid, &conn).await?;

// Update favorite
cipher.set_favorite(Some(data.favorite), &headers.user.uuid, &conn).await?;

Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, None, CipherSyncType::User, &conn).await?))

By comparison, the standard update API includes an explicit authorization check:
src/api/core/ciphers.rs:688

if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn).await {
    err!("Cipher is not write accessible")
}

The to_json method does not abort processing when access restrictions are not met; instead, it proceeds to construct and return a detailed response.
src/db/models/cipher.rs:175

let (read_only, hide_passwords, _) = if sync_type == CipherSyncType::User {
    match self.get_access_restrictions(user_uuid, cipher_sync_data, conn).await {
        Some((ro, hp, mn)) => (ro, hp, mn),
        None => {
            error!("Cipher ownership assertion failure");
            (true, true, false)
        }
    }
} else {
    (false, false, false)
};

src/db/models/cipher.rs:335

let mut json_object = json!({
    "object": "cipherDetails",
    "id": self.uuid,
    "type": self.atype,
    ...
    "name": self.name,
    "notes": self.notes,
    "fields": fields_json,
    "data": data_json,
    ...
});

Preconditions

  • The attacker possesses a valid regular-user JWT (Bearer token).
  • The attacker knows the target (victim) cipher_id.

Steps to Reproduce

  1. Prepare the attacker JWT and victim cipher_id (preconditions).
  2. Baseline check: confirm that standard retrieval is denied.

image

  1. Execute the vulnerable API. Confirm that 200 OK is returned and that cipherDetails includes fields such as id, name, notes, secureNote, etc.

image

Potential Impact

  • Unauthorized disclosure of other users’ cipher information (confidentiality breach).
  • Creation of unauthorized associations within the attacker’s user context (e.g., favorite or folder operations).
  • The response from /api/ciphers/<cipher_id>/partial includes attachments[].url.

In filesystem (FS) deployments, this returns a tokenized endpoint such as:

/attachments/<cipher>/<file>?token=...

In object storage deployments, it returns a short-lived pre-signed URL.

As a result, an attacker can use these URLs to directly download attachment data that they are not authorized to access.

This can lead to disclosure of sensitive information stored in the Vault, including personal data and authentication credentials. Such exposure may further result in account compromise, lateral movement, and other secondary impacts.

References

@dani-garcia dani-garcia published to dani-garcia/vaultwarden Mar 4, 2026
Published to the GitHub Advisory Database Mar 4, 2026
Reviewed Mar 4, 2026
Last updated Mar 4, 2026

Severity

Moderate

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(10th percentile)

Weaknesses

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. Learn more on MITRE.

CVE ID

CVE-2026-27898

GHSA ID

GHSA-w9f8-m526-h7fh

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.