Vulnerabilities in openbao
21 results

CVE-2025-59043 | HIGH | OpenBao vulnerable to denial of service via malicious JSON request processing | EPSS 0.7%
CVE-2026-33757 | CRITICAL | OpenBao lacks user confirmation for OIDC direct callback mode | EPSS 0.4%
CVE-2025-54997 | CRITICAL | OpenBao: Privileged Operator May Execute Code on the Underlying Host | EPSS 0.3%
CVE-2025-52894 | MEDIUM | OpenBao Vulnerable to Unauthenticated Rekey Operation Cancellation | EPSS 0.3%
CVE-2025-64761 | HIGH | OpenBao Privileged Operator Identity Group Root Escalation | EPSS 0.3%
CVE-2026-40264 | LOW | OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation | EPSS 0.3%
CVE-2025-62705 | MEDIUM | OpenBao and Vault Leak []byte Fields in Audit Logs | EPSS 0.3%
CVE-2025-54996 | HIGH | OpenBao Root Namespace Operator May Elevate Token Privileges | EPSS 0.3%
CVE-2025-62513 | MEDIUM | OpenBao leaks HTTPRawBody in Audit Logs | EPSS 0.3%
CVE-2025-52893 | MEDIUM | OpenBao May Leak Sensitive Information in Logs When Processing Malformed Data | EPSS 0.3%
CVE-2026-33758 | CRITICAL | OpenBao has Reflected XSS in its OIDC authentication error message | EPSS 0.3%
CVE-2026-42186 | LOW | OpenBao's Namespace Deletion May Not Delete Data Properly | EPSS 0.2%
CVE-2025-59048 | HIGH | OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method | EPSS 0.2%
CVE-2026-39946 | MEDIUM | OpenBao allows SQL Injection in PostgreSQL database secrets engine | EPSS 0.2%
CVE-2026-39396 | LOW | OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS) | EPSS 0.2%
CVE-2025-55001 | MEDIUM | OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias | EPSS 0.2%
CVE-2025-54998 | MEDIUM | OpenBao Userpass and LDAP User Lockout Bypass | EPSS 0.2%
CVE-2025-55000 | MEDIUM | OpenBao TOTP Secrets Engine Enables Code Reuse | EPSS 0.2%
CVE-2025-55003 | MEDIUM | OpenBao Login MFA Bypasses Rate Limiting and TOTP Token Reuse | EPSS 0.2%
CVE-2025-54999 | LOW | OpenBao: Timing Side-Channel in Userpass Auth Method | EPSS 0.2%