CVE-2026-43639

NVD data not available for this CVE. It may be pending analysis or not yet published.

Related Intelligence (1)

NVD CRITICAL: CVE-2026-43639 — Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerabili...

Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via `POST /providers/{providerId}/clients/existing`, resulting in takeover of the target organization; self-hosted installations are unaffected as this endpoint is restricted to Cloud via SelfHosted(NotSelfHostedOnly = true).

CVE-2026-43639

May 11, 2026NIST NVD