openbao
26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
| CVE | Affected versions | CVSS | Severity | Description |
|---|---|---|---|---|
| CVE-2026-42186 | < 2.5.3 | 7.5 | HIGH | OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fail |
| CVE-2026-40264 | < 2.5.3 | 2.7 | LOW | OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to |
| CVE-2026-39946 | < 2.5.3 | 4.9 | MEDIUM | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a r |
| CVE-2026-39396 | < 2.5.3 | 3.1 | LOW | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao' |
| CVE-2026-39388 | < 2.5.3 | 3.1 | LOW | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication m |
| CVE-2026-33758 | < 2.5.2 | 6.1 | MEDIUM | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OID |
| CVE-2026-33757 | < 2.5.2 | 9.6 | CRITICAL | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confi |
| CVE-2025-64761 | < 2.4.4 | 7.2 | HIGH | OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the id |
| CVE-2025-59048 | < 0.1.1 | 8.1 | HIGH | OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable |
| CVE-2025-62705 | < 2.4.2 | 4.9 | MEDIUM | OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriat |
| CVE-2025-62513 | >= 2.2.0 and < 2.4.2 | 7.5 | HIGH | OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a |
| CVE-2025-59043 | < 2.4.1 | 7.5 | HIGH | OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decodin |
| CVE-2025-55003 | < 2.3.2 | 5.7 | MEDIUM | OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and |
| CVE-2025-55001 | < 2.3.2 | 6.5 | MEDIUM | OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and |
| CVE-2025-55000 | < 2.3.2 | 6.5 | MEDIUM | OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and |
| CVE-2025-54999 | < 2.3.2 | 3.7 | LOW | OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and |
| CVE-2025-54998 | < 2.3.2 | 5.3 | MEDIUM | OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and |
| CVE-2025-54997 | < 2.3.2 | 9.1 | CRITICAL | OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and |
| CVE-2025-54996 | < 2.3.2 | 7.2 | HIGH | OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and |
| CVE-2025-52894 | >= 2.2.0 and < 2.3.0 | 7.5 | HIGH | OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and |
| CVE-2025-52893 | < 2.3.0 | 4.5 | MEDIUM | OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and |
| CVE-2025-4166 | < 2.2.2 | 4.5 | MEDIUM | Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server an |
| CVE-2024-8185 | < 2.0.3 | 7.5 | HIGH | Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial- |
| CVE-2024-9180 | < 2.0.3 | 7.2 | HIGH | A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another |
| CVE-2024-7594 | < 2.0.2 | 7.5 | HIGH | Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and |
| CVE-2024-2048 | < 2.0.0 | 8.1 | HIGH | Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configure |
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin