MEDIUM
Dani Garcia
CVE published 2026-05-11
CVE-2026-43911
CVE-2026-43911 is a medium-severity authentication/session-management issue in Vaultwarden. Prior to version 1.35.5, refresh tokens were not invalidated when a user’s security_stamp was rotated by certain security-sensitive actions, including password change, KDF change, key rotation, email change, org admin password reset, and emergency access takeover. As a result, an attacker who already obtained a ref [truncated]
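The stale-token condition described above, as an added Rust example (not Vaultwarden's code; the `AuthStore` model and every name and value in it are hypothetical): a refresh check that ignores the security stamp, beside one that binds each refresh token to the stamp current at issuance and rejects it after rotation.

```rust
// Added illustration: every name here is hypothetical, not Vaultwarden's code.
use std::collections::HashMap;
#[derive(Debug, PartialEq)]
enum RefreshError { UnknownToken, UnknownUser, StaleStamp }

// Issued refresh token, bound to the stamp current at issuance (assumed model).
struct RefreshRecord { user_id: u32, stamp_at_issue: String }

#[derive(Default)]
struct AuthStore {
    stamps: HashMap<u32, String>,           // user id -> current security_stamp
    tokens: HashMap<String, RefreshRecord>, // refresh token -> record
}

impl AuthStore {
    fn issue(&mut self, user_id: u32, token: &str) {
        let stamp = self.stamps[&user_id].clone();
        self.tokens.insert(token.to_string(), RefreshRecord { user_id, stamp_at_issue: stamp });
    }

    // Called by password change, KDF change, key rotation, email change, etc.
    fn rotate_stamp(&mut self, user_id: u32, new_stamp: &str) {
        self.stamps.insert(user_id, new_stamp.to_string());
    }

    // Weak form: existence is the only check, so a pre-rotation token still works.
    fn refresh_weak(&self, token: &str) -> Result<u32, RefreshError> {
        self.tokens.get(token).map(|r| r.user_id).ok_or(RefreshError::UnknownToken)
    }

    // Hardened form: reject and delete a token whose bound stamp is stale.
    fn refresh_checked(&mut self, token: &str) -> Result<u32, RefreshError> {
        let rec = self.tokens.get(token).ok_or(RefreshError::UnknownToken)?;
        let user_id = rec.user_id;
        let current = self.stamps.get(&user_id).ok_or(RefreshError::UnknownUser)?;
        if rec.stamp_at_issue != *current {
            self.tokens.remove(token);
            return Err(RefreshError::StaleStamp);
        }
        Ok(user_id)
    }
}

fn main() {
    let mut s = AuthStore::default();
    s.rotate_stamp(7, "stamp-A"); // constructed sample values
    s.issue(7, "rt-old");
    s.rotate_stamp(7, "stamp-B"); // e.g. a password change
    println!("weak: {:?}, checked: {:?}", s.refresh_weak("rt-old"), s.refresh_checked("rt-old"));
}
```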