CVE-2026-40264

EPSS 0.05%

OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation

發布日:2026/4/21修改日:2026/4/23

描述

### Impact OpenBao's namespaces provide multi-tenant separation. A tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. ### Patches This was addressed in v2.5.3.

受影響套件(1)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 4.0CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

參考連結(6)