CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-31835

Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in `validate_webauthn_login()` updates persistent credential metadata (1backup_eligible1 and 1backup_state flags1) based on unverified `authenticatorData` before signature validation is performed. An attacker who knows a user's password but cannot produce a valid WebAuthn signature can permanently modify the stored backup flags for that user's credential. If signature verification fails, the database update is not rolled back. This can result in a persistent denial of service of WebAuthn two-factor authentication for affected credentials. This issue has been fixed in version 1.35.5.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.0%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2026-31835

Dani-Garcia » Vaultwarden » Version: 0.10.0

cpe:2.3:a:dani-garcia:vaultwarden:0.10.0
Dani-Garcia » Vaultwarden » Version: 0.11.0

cpe:2.3:a:dani-garcia:vaultwarden:0.11.0
Dani-Garcia » Vaultwarden » Version: 0.12.0

cpe:2.3:a:dani-garcia:vaultwarden:0.12.0
Dani-Garcia » Vaultwarden » Version: 0.13.0

cpe:2.3:a:dani-garcia:vaultwarden:0.13.0
Dani-Garcia » Vaultwarden » Version: 0.9.0

cpe:2.3:a:dani-garcia:vaultwarden:0.9.0
Dani-Garcia » Vaultwarden » Version: 1.0.0

cpe:2.3:a:dani-garcia:vaultwarden:1.0.0
Dani-Garcia » Vaultwarden » Version: 1.1.0

cpe:2.3:a:dani-garcia:vaultwarden:1.1.0
Dani-Garcia » Vaultwarden » Version: 1.10.0

cpe:2.3:a:dani-garcia:vaultwarden:1.10.0
Dani-Garcia » Vaultwarden » Version: 1.11.0

cpe:2.3:a:dani-garcia:vaultwarden:1.11.0
Dani-Garcia » Vaultwarden » Version: 1.12.0

cpe:2.3:a:dani-garcia:vaultwarden:1.12.0
Dani-Garcia » Vaultwarden » Version: 1.13.0

cpe:2.3:a:dani-garcia:vaultwarden:1.13.0
Dani-Garcia » Vaultwarden » Version: 1.13.1

cpe:2.3:a:dani-garcia:vaultwarden:1.13.1
Dani-Garcia » Vaultwarden » Version: 1.14

cpe:2.3:a:dani-garcia:vaultwarden:1.14
Dani-Garcia » Vaultwarden » Version: 1.14.1

cpe:2.3:a:dani-garcia:vaultwarden:1.14.1
Dani-Garcia » Vaultwarden » Version: 1.14.2

cpe:2.3:a:dani-garcia:vaultwarden:1.14.2
Dani-Garcia » Vaultwarden » Version: 1.15.0

cpe:2.3:a:dani-garcia:vaultwarden:1.15.0
Dani-Garcia » Vaultwarden » Version: 1.15.1

cpe:2.3:a:dani-garcia:vaultwarden:1.15.1
Dani-Garcia » Vaultwarden » Version: 1.16.0

cpe:2.3:a:dani-garcia:vaultwarden:1.16.0
Dani-Garcia » Vaultwarden » Version: 1.16.1

cpe:2.3:a:dani-garcia:vaultwarden:1.16.1
Dani-Garcia » Vaultwarden » Version: 1.16.2

cpe:2.3:a:dani-garcia:vaultwarden:1.16.2
Dani-Garcia » Vaultwarden » Version: 1.16.3

cpe:2.3:a:dani-garcia:vaultwarden:1.16.3
Dani-Garcia » Vaultwarden » Version: 1.17.0

cpe:2.3:a:dani-garcia:vaultwarden:1.17.0
Dani-Garcia » Vaultwarden » Version: 1.18.0

cpe:2.3:a:dani-garcia:vaultwarden:1.18.0
Dani-Garcia » Vaultwarden » Version: 1.19.0

cpe:2.3:a:dani-garcia:vaultwarden:1.19.0
Dani-Garcia » Vaultwarden » Version: 1.2.0

cpe:2.3:a:dani-garcia:vaultwarden:1.2.0
Dani-Garcia » Vaultwarden » Version: 1.20.0

cpe:2.3:a:dani-garcia:vaultwarden:1.20.0
Dani-Garcia » Vaultwarden » Version: 1.21.0

cpe:2.3:a:dani-garcia:vaultwarden:1.21.0
Dani-Garcia » Vaultwarden » Version: 1.22.0

cpe:2.3:a:dani-garcia:vaultwarden:1.22.0
Dani-Garcia » Vaultwarden » Version: 1.22.1

cpe:2.3:a:dani-garcia:vaultwarden:1.22.1
Dani-Garcia » Vaultwarden » Version: 1.22.2

cpe:2.3:a:dani-garcia:vaultwarden:1.22.2
Dani-Garcia » Vaultwarden » Version: 1.23.0

cpe:2.3:a:dani-garcia:vaultwarden:1.23.0
Dani-Garcia » Vaultwarden » Version: 1.23.1

cpe:2.3:a:dani-garcia:vaultwarden:1.23.1
Dani-Garcia » Vaultwarden » Version: 1.24.0

cpe:2.3:a:dani-garcia:vaultwarden:1.24.0
Dani-Garcia » Vaultwarden » Version: 1.25.0

cpe:2.3:a:dani-garcia:vaultwarden:1.25.0
Dani-Garcia » Vaultwarden » Version: 1.25.1

cpe:2.3:a:dani-garcia:vaultwarden:1.25.1
Dani-Garcia » Vaultwarden » Version: 1.25.2

cpe:2.3:a:dani-garcia:vaultwarden:1.25.2
Dani-Garcia » Vaultwarden » Version: 1.26.0

cpe:2.3:a:dani-garcia:vaultwarden:1.26.0
Dani-Garcia » Vaultwarden » Version: 1.27.0

cpe:2.3:a:dani-garcia:vaultwarden:1.27.0
Dani-Garcia » Vaultwarden » Version: 1.28.0

cpe:2.3:a:dani-garcia:vaultwarden:1.28.0
Dani-Garcia » Vaultwarden » Version: 1.28.1

cpe:2.3:a:dani-garcia:vaultwarden:1.28.1
Dani-Garcia » Vaultwarden » Version: 1.29.0

cpe:2.3:a:dani-garcia:vaultwarden:1.29.0
Dani-Garcia » Vaultwarden » Version: 1.29.1

cpe:2.3:a:dani-garcia:vaultwarden:1.29.1
Dani-Garcia » Vaultwarden » Version: 1.29.2

cpe:2.3:a:dani-garcia:vaultwarden:1.29.2
Dani-Garcia » Vaultwarden » Version: 1.3.0

cpe:2.3:a:dani-garcia:vaultwarden:1.3.0
Dani-Garcia » Vaultwarden » Version: 1.30.0

cpe:2.3:a:dani-garcia:vaultwarden:1.30.0
Dani-Garcia » Vaultwarden » Version: 1.30.1

cpe:2.3:a:dani-garcia:vaultwarden:1.30.1
Dani-Garcia » Vaultwarden » Version: 1.30.2

cpe:2.3:a:dani-garcia:vaultwarden:1.30.2
Dani-Garcia » Vaultwarden » Version: 1.30.3

cpe:2.3:a:dani-garcia:vaultwarden:1.30.3
Dani-Garcia » Vaultwarden » Version: 1.30.4

cpe:2.3:a:dani-garcia:vaultwarden:1.30.4
Dani-Garcia » Vaultwarden » Version: 1.30.5

cpe:2.3:a:dani-garcia:vaultwarden:1.30.5
Dani-Garcia » Vaultwarden » Version: 1.31.0

cpe:2.3:a:dani-garcia:vaultwarden:1.31.0
Dani-Garcia » Vaultwarden » Version: 1.32.0

cpe:2.3:a:dani-garcia:vaultwarden:1.32.0
Dani-Garcia » Vaultwarden » Version: 1.32.1

cpe:2.3:a:dani-garcia:vaultwarden:1.32.1
Dani-Garcia » Vaultwarden » Version: 1.32.2

cpe:2.3:a:dani-garcia:vaultwarden:1.32.2
Dani-Garcia » Vaultwarden » Version: 1.32.3

cpe:2.3:a:dani-garcia:vaultwarden:1.32.3
Dani-Garcia » Vaultwarden » Version: 1.32.4

cpe:2.3:a:dani-garcia:vaultwarden:1.32.4
Dani-Garcia » Vaultwarden » Version: 1.32.5

cpe:2.3:a:dani-garcia:vaultwarden:1.32.5
Dani-Garcia » Vaultwarden » Version: 1.32.6

cpe:2.3:a:dani-garcia:vaultwarden:1.32.6
Dani-Garcia » Vaultwarden » Version: 1.32.7

cpe:2.3:a:dani-garcia:vaultwarden:1.32.7
Dani-Garcia » Vaultwarden » Version: 1.33.0

cpe:2.3:a:dani-garcia:vaultwarden:1.33.0
Dani-Garcia » Vaultwarden » Version: 1.33.1

cpe:2.3:a:dani-garcia:vaultwarden:1.33.1
Dani-Garcia » Vaultwarden » Version: 1.33.2

cpe:2.3:a:dani-garcia:vaultwarden:1.33.2
Dani-Garcia » Vaultwarden » Version: 1.34.0

cpe:2.3:a:dani-garcia:vaultwarden:1.34.0
Dani-Garcia » Vaultwarden » Version: 1.34.1

cpe:2.3:a:dani-garcia:vaultwarden:1.34.1
Dani-Garcia » Vaultwarden » Version: 1.34.2

cpe:2.3:a:dani-garcia:vaultwarden:1.34.2
Dani-Garcia » Vaultwarden » Version: 1.34.3

cpe:2.3:a:dani-garcia:vaultwarden:1.34.3
Dani-Garcia » Vaultwarden » Version: 1.35.0

cpe:2.3:a:dani-garcia:vaultwarden:1.35.0
Dani-Garcia » Vaultwarden » Version: 1.35.1

cpe:2.3:a:dani-garcia:vaultwarden:1.35.1
Dani-Garcia » Vaultwarden » Version: 1.35.2

cpe:2.3:a:dani-garcia:vaultwarden:1.35.2
Dani-Garcia » Vaultwarden » Version: 1.35.3

cpe:2.3:a:dani-garcia:vaultwarden:1.35.3
Dani-Garcia » Vaultwarden » Version: 1.35.4

cpe:2.3:a:dani-garcia:vaultwarden:1.35.4
Dani-Garcia » Vaultwarden » Version: 1.4.0

cpe:2.3:a:dani-garcia:vaultwarden:1.4.0
Dani-Garcia » Vaultwarden » Version: 1.5.0

cpe:2.3:a:dani-garcia:vaultwarden:1.5.0
Dani-Garcia » Vaultwarden » Version: 1.6.0

cpe:2.3:a:dani-garcia:vaultwarden:1.6.0
Dani-Garcia » Vaultwarden » Version: 1.6.1

cpe:2.3:a:dani-garcia:vaultwarden:1.6.1
Dani-Garcia » Vaultwarden » Version: 1.7.0

cpe:2.3:a:dani-garcia:vaultwarden:1.7.0
Dani-Garcia » Vaultwarden » Version: 1.8.0

cpe:2.3:a:dani-garcia:vaultwarden:1.8.0
Dani-Garcia » Vaultwarden » Version: 1.9.0

cpe:2.3:a:dani-garcia:vaultwarden:1.9.0
Dani-Garcia » Vaultwarden » Version: 1.9.1

cpe:2.3:a:dani-garcia:vaultwarden:1.9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-31835

Products

Pricing

Contact Us