PatchSiren

bitwarden CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL bitwarden CVE published 2026-07-08

CVE-2026-60104

CVE-2026-60104 is a critical vulnerability in Bitwarden Server before version 2026.6.0. The issue allows a low-privileged organization member to obtain another user's vault key and a victim-scoped access token. This is achieved by creating a Trusted Device Encryption authentication request bound to an attacker-controlled public key. The request is readable from an unauthenticated endpoint once approved, r [truncated]