CVE-2026-42186
EPSS 0.04%
OpenBao's Namespace Deletion May Not Delete Data Properly
Published: 2026/5/5
Modified: 2026/5/14
Description

### Impact

When OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases and may also leave unrelated storage entries behind.

### Patches

This will be patched in OpenBao v2.5.3.

### Workarounds

Users may manually remove mounts prior to deleting the namespace. Audit logs may be used to identify repeated deletion attempts against the same namespace; `sys/raw` can be used to see which leases were not correctly deleted.
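
The audit-log check mentioned in the workaround could look like the following. This is an added example, not code from the advisory or from OpenBao. It assumes a JSON-lines audit file whose entries carry `type`, `request.operation`, `request.path` and `request.namespace.path`, and that namespace deletion is logged as a `delete` on `sys/namespaces/<name>`; the sample entries are constructed.

```python
import json
from collections import Counter

NS_PREFIX = "sys/namespaces/"  # assumed audit path of the namespace API

# Constructed sample audit entries, one JSON object per line (field layout assumed).
SAMPLE_AUDIT_LOG = """\
{"time":"2026-04-21T10:00:01Z","type":"request","request":{"operation":"delete","path":"sys/namespaces/team-a","namespace":{"id":"root"}}}
{"time":"2026-04-21T10:00:02Z","type":"response","request":{"operation":"delete","path":"sys/namespaces/team-a","namespace":{"id":"root"}}}
{"time":"2026-04-21T10:03:10Z","type":"request","request":{"operation":"delete","path":"sys/namespaces/team-a","namespace":{"id":"root"}}}
{"time":"2026-04-21T10:04:00Z","type":"request","request":{"operation":"delete","path":"sys/namespaces/team-b","namespace":{"id":"root"}}}
{"time":"2026-04-21T10:05:00Z","type":"request","request":{"operation":"read","path":"sys/namespaces/team-a","namespace":{"id":"root"}}}
{"time":"2026-04-21T10:06:00Z","type":"request","request":{"operation":"delete","path":"sys/namespaces/dev","namespace":{"id":"c1","path":"team-c/"}}}
{"time":"2026-04-21T10:08:30Z","type":"request","request":{"operation":"delete","path":"sys/namespaces/dev","namespace":{"id":"c1","path":"team-c/"}}}
{"time":"2026-04-21T10:09:00Z","type":"requ
"""


def repeated_namespace_deletes(lines, threshold=2):
    """Return {(parent_namespace, target): attempts} for namespaces that
    received at least `threshold` delete requests."""
    counts = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(entry, dict) or entry.get("type") != "request":
            continue  # count each attempt once: requests only, not responses
        req = entry.get("request") or {}
        path = str(req.get("path") or "").strip("/")
        if req.get("operation") != "delete" or not path.startswith(NS_PREFIX):
            continue
        target = path[len(NS_PREFIX):]
        # Parent namespace the request was issued in; "" stands for root.
        parent = (req.get("namespace") or {}).get("path", "")
        if target:
            counts[(parent, target)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (parent, target), n in repeated_namespace_deletes(SAMPLE_AUDIT_LOG.splitlines()).items():
        print(f"{parent or 'root'}: namespace {target!r} deleted {n} times; check its leases")
```

Namespaces flagged here are the ones whose leases are worth checking through `sys/raw`, as the workaround describes.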
Affected packages (1)
- Go / github.com/openbao/openbao: from 0, < 0.0.0-20260420173541-6d2e0506e2b4
CVSS Score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2026-42186
- PATCH: https://github.com/openbao/openbao
- WEB: https://github.com/openbao/openbao/commit/6d2e0506e2b41be0eaa6643bf7b4efc9a2c09445
- WEB: https://github.com/openbao/openbao/releases/tag/v2.5.3
- WEB: https://github.com/openbao/openbao/security/advisories/GHSA-vv66-6rp4-wr4f