OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Openbao |
|
No data.
No data.
References
History
Tue, 21 Apr 2026 03:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Openbao
Openbao openbao |
|
| Vendors & Products |
Openbao
Openbao openbao |
Tue, 21 Apr 2026 01:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3. | |
| Title | OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation | |
| Weaknesses | CWE-1259 | |
| References |
| |
| Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-04-21T00:47:38.156Z
Updated: 2026-04-21T00:47:38.156Z
Reserved: 2026-04-10T17:31:45.787Z
Link: CVE-2026-40264
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-04-21T01:16:06.917
Modified: 2026-04-21T01:16:06.917
Link: CVE-2026-40264
Redhat
No data.