NVD CRITICAL: CVE-2026-43914 — Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, t...
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is enabled. If email 2fa is enabled, the unprotected 2fa-function send_email_login (email.rs, api endpoint /api/two-factor/send-email-login) also acts as an oracle determining whether a username-password
CVE-2026-43914