CVE-2026-31835— Vaultwarden WebAuthn credential metadata tampered before signature verification
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-31835
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vaultwarden WebAuthn credential metadata tampered before signature verification
Source: NVD (National Vulnerability Database)
Vulnerability Description
Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in `validate_webauthn_login()` updates persistent credential metadata (1backup_eligible1 and 1backup_state flags1) based on unverified `authenticatorData` before signature validation is performed. An attacker who knows a user's password but cannot produce a valid WebAuthn signature can permanently modify the stored backup flags for that user's credential. If signature verification fails, the database update is not rolled back. This can result in a persistent denial of service of WebAuthn two-factor authentication for affected credentials. This issue has been fixed in version 1.35.5.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对数据真实性的验证不充分
Source: NVD (National Vulnerability Database)
Vulnerability Title
Vaultwarden 数据伪造问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Vaultwarden是Daniel García个人开发者的一个用 Rust 编写的 Bitwarden 服务器 API 的替代实现。 Vaultwarden 1.35.4及之前版本存在数据伪造问题漏洞,该漏洞源于WebAuthn认证流程中在签名验证前更新凭据元数据,可能导致WebAuthn双因素认证持久拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| dani-garcia | vaultwarden | < 1.35.5 | - |
II. Public POCs for CVE-2026-31835
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-31835
请登录查看更多情报信息。
- Release 1.35.5 · dani-garcia/vaultwarden · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2026-31835
IV. Related Vulnerabilities
Same product: vaultwarden
- CVE-2026-33420
Vaultwarden missing authorization check allows Manager-role - CVE-2026-27898
Vaultwarden: Unauthorized Access via Partial Update API on A - CVE-2026-27803
Vaultwarden: Collection Management Operations Allowed Withou - CVE-2026-27802
Vaultwarden: Privilege Escalation via Bulk Permission Update - CVE-2026-27801
Vaultwarden: 2FA Bypass on Protected Actions due to Faulty R
Same vendor: dani-garcia
- CVE-2026-33420
Vaultwarden missing authorization check allows Manager-role - CVE-2026-27898
Vaultwarden: Unauthorized Access via Partial Update API on A - CVE-2026-27803
Vaultwarden: Collection Management Operations Allowed Withou - CVE-2026-27802
Vaultwarden: Privilege Escalation via Bulk Permission Update - CVE-2026-27801
Vaultwarden: 2FA Bypass on Protected Actions due to Faulty R
Same weakness: CWE-345
- CVE-2026-42575
apko doesn't verify downloaded apk packages against APKINDEX - CVE-2026-41432
New API: Stripe Webhook Signature Bypass via Empty Secret En - CVE-2026-42206
Roadiz OpenID Connect nonce generated but never validated — - CVE-2026-43534
OpenClaw < 2026.4.10 - Unsanitized External Input in Agent H - CVE-2026-7611
TRENDnet TEW-821DAP Firmware Update cameo_dev.sh platform_do
V. Comments for CVE-2026-31835
No comments yet