VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/openbao/openbao

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42186 high 7.5 7.5 14d ago OpenBao's Namespace Deletion May Not Delete Data Properly golang
CVE-2026-39396 medium 6.5 6.5 1mo ago OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS) golang
CVE-2026-40264 unknown 1mo ago OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation golang
CVE-2026-39946 unknown 1mo ago OpenBao's SQL Injection in PostgreSQL database secrets engine golang
CVE-2026-39388 unknown 1mo ago OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate golang
CVE-2026-33758 unknown 2mo ago OpenBao has Reflected XSS in its OIDC authentication error message in github.com/openbao/openbao golang
CVE-2026-33757 unknown 2mo ago OpenBao lacks user confirmation for OIDC direct callback mode in github.com/openbao/openbao golang
CVE-2025-64761 unknown 6mo ago OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation in github.com/openbao/openbao susegolang
CVE-2025-62705 unknown 7mo ago OpenBao and Vault Leak []byte Fields in Audit Logs in github.com/openbao/openbao golang
CVE-2025-62513 unknown 7mo ago OpenBao leaks HTTPRawBody in Audit Logs in github.com/openbao/openbao golang
CVE-2025-59043 unknown 7mo ago OpenBao has potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests in github.com/openbao/openbao golang
CVE-2025-55001 unknown 10mo ago OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias in github.com/openbao/openbao golang
CVE-2025-55003 unknown 10mo ago OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse in github.com/openbao/openbao golang
CVE-2025-55000 unknown 10mo ago OpenBao TOTP Secrets Engine Code Reuse in github.com/openbao/openbao golang
CVE-2025-54999 unknown 10mo ago OpenBao has a Timing Side-Channel in the Userpass Auth Method in github.com/openbao/openbao golang
CVE-2025-54998 unknown 10mo ago OpenBao Userpass and LDAP User Lockout Bypass in github.com/openbao/openbao golang
CVE-2025-54997 unknown 10mo ago Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao golang
CVE-2025-54996 unknown 10mo ago OpenBao Root Namespace Operator May Elevate Token Privileges in github.com/openbao/openbao golang
CVE-2025-52894 unknown 11mo ago OpenBao allows cancellation of root rekey and recovery rekey operations without authentication in github.com/openbao/openbao golang
CVE-2024-8185 unknown 2y ago Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault susegolang
CVE-2024-9180 unknown 2y ago Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault golang
CVE-2024-7594 unknown 2y ago Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault golang