Product
high
advisory
Bitwarden Server SCIM API Key Authentication Bypass (CVE-2026-43640)
2 rules 1 TTP 1 CVEBitwarden Server before v2026.4.1 allows an authenticated user with SCIM management privileges to bypass master-password re-authentication when retrieving or rotating an organization's SCIM API key, potentially leading to unauthorized access.
Bitwarden Server
authentication-bypass
privilege-escalation
cve
2r
1t
1c
high
advisory
Bitwarden Server Missing Authorization Vulnerability Leading to Organization Takeover (CVE-2026-43639)
2 rules 1 TTP 1 CVEBitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability (CVE-2026-43639) that allows a provider service user to add an arbitrary organization to their provider via `POST /providers/{providerId}/clients/existing`, resulting in takeover of the target organization in cloud-hosted deployments.
Bitwarden Server
cve
bitwarden
takeover
missing-authorization
cloud
2r
1t
1c