CVE-2026-40264

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-40264
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-40264.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-40264
Aliases
Downstream
Related
Published
2026-04-21T00:47:38.156Z
Modified
2026-04-24T12:16:06.082874Z
Severity
  • 2.0 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation
Details

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3.

Database specific 
{
    "cwe_ids": [
        "CWE-1259"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40264.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/openbao/openbao

Affected ranges

Type
GIT
Repo
https://github.com/openbao/openbao
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
988c88d7ef54b4d4581629b229488dfba5e085ba
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.5.3"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

api/auth/approle/v0.*
api/auth/approle/v0.1.0
api/auth/approle/v0.1.1
api/auth/approle/v0.2.0
api/auth/approle/v0.3.0
api/auth/approle/v0.4.0
api/auth/approle/v0.4.1
api/auth/approle/v1.*
api/auth/approle/v1.1.0-development20240408
api/auth/approle/v2.*
api/auth/approle/v2.0.1
api/auth/approle/v2.2.0
api/auth/approle/v2.3.0
api/auth/approle/v2.4.0
api/auth/approle/v2.5.0
api/auth/approle/v2.5.1
api/auth/aws/v0.*
api/auth/aws/v0.1.0
api/auth/aws/v0.2.0
api/auth/aws/v0.3.0
api/auth/aws/v0.4.0
api/auth/aws/v0.4.1
api/auth/aws/v1.*
api/auth/aws/v1.1.0-development20240408
api/auth/azure/v0.*
api/auth/azure/v0.1.0
api/auth/azure/v0.2.0
api/auth/azure/v0.3.0
api/auth/azure/v0.4.0
api/auth/azure/v0.4.1
api/auth/azure/v1.*
api/auth/azure/v1.1.0-development20240408
api/auth/gcp/v0.*
api/auth/gcp/v0.1.0
api/auth/gcp/v0.2.0
api/auth/gcp/v0.3.0
api/auth/gcp/v0.4.0
api/auth/gcp/v0.4.1
api/auth/gcp/v1.*
api/auth/gcp/v1.1.0-development20240408
api/auth/jwt/v2.*
api/auth/jwt/v2.4.0
api/auth/jwt/v2.5.0
api/auth/jwt/v2.5.1
api/auth/kubernetes/v1.*
api/auth/kubernetes/v1.1.0-development20240408
api/auth/kubernetes/v2.*
api/auth/kubernetes/v2.0.1
api/auth/kubernetes/v2.2.0
api/auth/kubernetes/v2.3.0
api/auth/kubernetes/v2.4.0
api/auth/kubernetes/v2.5.0
api/auth/kubernetes/v2.5.1
api/auth/ldap/v1.*
api/auth/ldap/v1.1.0-development20240408
api/auth/ldap/v2.*
api/auth/ldap/v2.0.1
api/auth/ldap/v2.2.0
api/auth/ldap/v2.3.0
api/auth/ldap/v2.4.0
api/auth/ldap/v2.5.0
api/auth/ldap/v2.5.1
api/auth/userpass/v0.*
api/auth/userpass/v0.1.0
api/auth/userpass/v0.2.0
api/auth/userpass/v0.3.0
api/auth/userpass/v0.4.0
api/auth/userpass/v0.4.1
api/auth/userpass/v1.*
api/auth/userpass/v1.1.0-development20240408
api/auth/userpass/v2.*
api/auth/userpass/v2.0.1
api/auth/userpass/v2.2.0
api/auth/userpass/v2.3.0
api/auth/userpass/v2.4.0
api/auth/userpass/v2.5.0
api/auth/userpass/v2.5.1
api/v1.*
api/v1.0.1
api/v1.0.2
api/v1.0.3
api/v1.0.4
api/v1.1.1
api/v1.100.0-development20240408
api/v1.2.0
api/v1.3.1
api/v1.5.0
api/v1.6.0
api/v1.7.0
api/v1.7.1
api/v1.7.2
api/v1.8.0
api/v1.8.1
api/v1.8.2
api/v1.8.3
api/v1.9.0
api/v1.9.1
api/v1.9.2
api/v2.*
api/v2.0.1
api/v2.1.0
api/v2.2.0
api/v2.3.0
api/v2.4.0
api/v2.5.0
api/v2.5.1
Other
before-plugin-removal
dev-namespaces-base-20250215
dev-namespaces-base-20250311
dev-namespaces-base-20250424
sdk/v0.*
sdk/v0.1.10
sdk/v0.1.11
sdk/v0.1.12
sdk/v0.1.13
sdk/v0.1.8
sdk/v0.1.9
sdk/v0.2.1
sdk/v0.3.0
sdk/v0.4.1
sdk/v0.5.0
sdk/v0.5.1
sdk/v0.5.3
sdk/v0.6.0
sdk/v0.6.1
sdk/v0.6.2
sdk/v0.7.0
sdk/v0.8.0
sdk/v0.9.0
sdk/v0.9.1
sdk/v1.*
sdk/v1.100.0-development20240408
sdk/v2.*
sdk/v2.0.1
sdk/v2.1.0
sdk/v2.2.0
sdk/v2.3.0
sdk/v2.4.0
sdk/v2.5.0
sdk/v2.5.1
v2.*
v2.0.0
v2.0.0-alpha20240329
v2.0.0-beta20240618
v2.1.0-beta20241114
v2.1.0-beta20241114.1
v2.1.0-beta20241114.2
v2.1.0-beta20241114.3
v2.2.0-beta20250213
v2.3.0-beta20250528
v2.4.0
v2.5.0
v2.5.0-beta20251125
v2.5.1
v2.5.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-40264.json"