CVE-2026-40264
Published: Apr 21, 2026
Modified: Apr 21, 2026
PUBLISHED
Description
OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3.
| Vendor | Product | Versions |
|---|---|---|
| openbao | openbao | affected < 2.5.3 |
Weaknesses (CWE)
References
https://github.com/openbao/openbao/security/advisories/GHSA-p49j-v9wc-wg57
x_refsource_CONFIRM