Linuxsecurity
Critical Security Flaws in Vaultwarden Affecting Fedora 43 and 44
Multiple critical vulnerabilities have been identified in Vaultwarden, impacting Fedora 43 and 44. Key issues include CVE-2026-27801, allowing two-factor authentication bypass, and CVE-2026-27803, which enables unauthorized collection management operations. These vulnerabilities could lead to unauthorized access and data deletion. The updates released on June 3, 2026, address these flaws, along with several others, including CVE-2026-25537 and CVE-2026-26012, which involve authorization bypass and denial of service attacks. Users are urged to apply the updates promptly to mitigate risks. The vulnerabilities were disclosed between February and March 2026, with some having proof-of-concept (PoC) exploits available. The affected systems include Vaultwarden installations on Fedora platforms.
Key Points:
• Critical vulnerabilities in Vaultwarden could allow unauthorized access and data deletion.
• CVE-2026-27801 and CVE-2026-27803 are among the most severe flaws addressed in recent updates.
• Users must update their Vaultwarden installations on Fedora 43 and 44 to protect against these threats.