OpenBao Security Vulnerabilities (CVEs)

Track 12 security vulnerabilities affecting OpenBao products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

1 Critical
7 High
4 Medium
CVE-2025-64761 7.2

OpenBao versions before 2.4.4 contain a privilege escalation vulnerability where privileged operators without policy access can add root policies to i...

Nov 25, 2025

CVE-2025-59048 8.1

OpenBao's AWS authentication plugin allows IAM roles from untrusted AWS accounts to impersonate roles with the same name in trusted accounts, granting...

Oct 23, 2025

CVE-2025-62513 7.5

OpenBao versions 2.2.0 to 2.4.1 have an audit log regression where raw HTTP bodies for certain endpoints aren't properly redacted. This leaks ACME ver...

Oct 22, 2025

CVE-2025-59043 7.5

OpenBao versions before 2.4.1 have a memory exhaustion vulnerability where specially crafted JSON payloads can cause disproportionate memory consumpti...

Oct 17, 2025

CVE-2025-55003 5.7

OpenBao's MFA system in versions 2.3.1 and below has a TOTP code validation flaw where whitespace in codes bypasses rate limiting, allowing attackers ...

Aug 9, 2025

CVE-2025-54997 9.1

This vulnerability allows privileged OpenBao operators to bypass security restrictions and execute arbitrary code on the underlying host by manipulati...

Aug 9, 2025

CVE-2025-55000 6.5

OpenBao's TOTP secrets engine in versions 0.1.0 through 2.3.1 allows TOTP codes to be reused multiple times due to normalization issues in the underly...

Aug 9, 2025

CVE-2025-55001 6.5

OpenBao versions 2.3.1 and below contain an LDAP authentication bypass vulnerability when using username_as_alias=true parameter. Attackers can bypass...

Aug 9, 2025

CVE-2025-52894 7.5

OpenBao before version 2.3.0 allows unauthenticated attackers to cancel root rekey and recovery rekey operations, causing denial of service. This affe...

Jun 25, 2025

CVE-2025-4166 4.5

CVE-2025-4166 allows sensitive information exposure in Vault server and audit logs when users submit malformed payloads during secret creation or upda...

May 2, 2025

CVE-2024-8185 7.5

This vulnerability allows attackers to cause denial-of-service through memory exhaustion by sending excessive requests to Vault's Raft cluster join AP...

Oct 31, 2024

CVE-2024-9180 7.2

This vulnerability allows a Vault operator with write permissions to the root namespace's identity endpoint to escalate their own or another user's pr...

Oct 10, 2024

Why Monitor OpenBao Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 12+ known vulnerabilities affecting OpenBao products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable OpenBao packages in under 60 seconds. Scanning is completely agentless and works across OpenBao deployments.

Free vulnerability database: Access detailed information about every OpenBao CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
