CVE-2026-27803 (GCVE-0-2026-27803)
Vulnerability from cvelistv5 – Published: 2026-03-04 21:40 – Updated: 2026-03-05 15:42
VLAI
Title
Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role
Summary
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue has been patched in version 1.35.4.
Severity
8.3 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/dani-garcia/vaultwarden/securi… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dani-garcia | vaultwarden |
Affected:
< 1.35.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:32:46.857026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:42:36.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vaultwarden",
"vendor": "dani-garcia",
"versions": [
{
"status": "affected",
"version": "\u003c 1.35.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue has been patched in version 1.35.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T21:40:33.495Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h4hq-rgvh-wh27",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h4hq-rgvh-wh27"
}
],
"source": {
"advisory": "GHSA-h4hq-rgvh-wh27",
"discovery": "UNKNOWN"
},
"title": "Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27803",
"datePublished": "2026-03-04T21:40:33.495Z",
"dateReserved": "2026-02-24T02:31:33.266Z",
"dateUpdated": "2026-03-05T15:42:36.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-27803",
"date": "2026-05-29",
"epss": "0.0006",
"percentile": "0.18973"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-27803\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-04T22:16:18.210\",\"lastModified\":\"2026-03-06T19:45:27.070\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue has been patched in version 1.35.4.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":5.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"},{\"lang\":\"en\",\"value\":\"CWE-285\"},{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dani-garcia:vaultwarden:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.35.4\",\"matchCriteriaId\":\"3EE3AB66-F61B-479C-A6C3-C2EEEB6FD55A\"}]}]}],\"references\":[{\"url\":\"https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h4hq-rgvh-wh27\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-27803\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-05T15:32:46.857026Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-05T15:32:47.918Z\"}}], \"cna\": {\"title\": \"Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role\", \"source\": {\"advisory\": \"GHSA-h4hq-rgvh-wh27\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"dani-garcia\", \"product\": \"vaultwarden\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.35.4\"}]}], \"references\": [{\"url\": \"https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h4hq-rgvh-wh27\", \"name\": \"https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h4hq-rgvh-wh27\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue has been patched in version 1.35.4.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269: Improper Privilege Management\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-285\", \"description\": \"CWE-285: Improper Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-04T21:40:33.495Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-27803\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-05T15:42:36.935Z\", \"dateReserved\": \"2026-02-24T02:31:33.266Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-04T21:40:33.495Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-27803
Vulnerability from fkie_nvd - Published: 2026-03-04 22:16 - Updated: 2026-03-06 19:45
Severity
Summary
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue has been patched in version 1.35.4.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dani-garcia | vaultwarden | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dani-garcia:vaultwarden:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3AB66-F61B-479C-A6C3-C2EEEB6FD55A",
"versionEndExcluding": "1.35.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue has been patched in version 1.35.4."
},
{
"lang": "es",
"value": "Vaultwarden es un servidor compatible con Bitwarden no oficial escrito en Rust, anteriormente conocido como bitwarden_rs. Antes de la versi\u00f3n 1.35.4, cuando un Gestor tiene manage=false para una colecci\u00f3n determinada, a\u00fan puede realizar varias operaciones de gesti\u00f3n siempre que tenga acceso a la colecci\u00f3n. Este problema ha sido parcheado en la versi\u00f3n 1.35.4."
}
],
"id": "CVE-2026-27803",
"lastModified": "2026-03-06T19:45:27.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-03-04T22:16:18.210",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h4hq-rgvh-wh27"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
},
{
"lang": "en",
"value": "CWE-285"
},
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-H4HQ-RGVH-WH27
Vulnerability from github – Published: 2026-03-04 20:13 – Updated: 2026-03-04 20:13
VLAI
Summary
Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role
Details
Summary
Testing confirmed that even when a Manager has manage=false for a given collection, they can still perform the following management operations as long as they have access to the collection:
PUT /api/organizations/<org_id>/collections/<col_id>succeeds (HTTP 200)PUT /api/organizations/<org_id>/collections/<col_id>/userssucceeds (HTTP 200)DELETE /api/organizations/<org_id>/collections/<col_id>succeeds (HTTP 200)
Description
- The Manager guard checks only whether the user can access the collection, not whether they have
manageprivileges. This check is directly applied to management endpoints. src/auth.rs:816 ```rust
if !Collection::can_access_collection(&headers.membership, &col_id, &conn).await { err_handler!("The current user isn't a manager for this collection") } ```
- The
can_access_collectionfunction does not evaluate themanageflag. src/db/models/collection.rs:140
```rust
pub async fn can_access_collection(member: &Membership, col_id: &CollectionId, conn: &DbConn) -> bool { member.has_status(MembershipStatus::Confirmed) && (member.has_full_access() || CollectionUser::has_access_to_collection_by_user(col_id, &member.user_uuid, conn).await || ... ```
- A separate management-permission check exists and includes
managevalidation, but it is not used during authorization for the affected endpoints. src/db/models/collection.rs:516
```rust
pub async fn is_manageable_by_user(&self, user_uuid: &UserId, conn: &DbConn) -> bool { let Some(member) = Membership::find_confirmed_by_user_and_org(user_uuid, &self.org_uuid, conn).await else { return false; }; if member.has_full_access() { return true; } ... ```
- The actual update and deletion endpoints only accept
ManagerHeadersand do not perform additionalmanagechecks. src/api/core/organizations.rs:608
async fn put_organization_collection_update(..., headers: ManagerHeaders, ...)
src/api/core/organizations.rs:890
async fn put_collection_users(..., headers: ManagerHeaders, ...)
src/api/core/organizations.rs:747
rust
async fn delete_organization_collection(..., headers: ManagerHeaders, ...)
Preconditions
- The attacker is a Manager within the target organization.
- The attacker has access to the target collection (
assigned=true). - The attacker’s permission for that collection is
manage=false. - A valid API access token has been obtained.
Steps to Reproduce
-
Confirm that the attacker’s current permissions for the target collection include
manage=false. -
As a control test, verify that update operations fail for collections the attacker cannot access.
-
Confirm that update operations succeed for the target collection where
manage=false. -
Use
PUT /collections/{col_id}/usersto setmanage=true, confirming that the attacker can escalate their own privileges. -
Verify that deletion of the collection succeeds despite the Manager lacking management rights.
Required Minimum Privileges
- Organization Manager role (Owner/Admin privileges are not required)
- Works even with
access_all=false - Only access rights to the target collection are required (
manageprivilege is not required)
Attack Scenario
A restricted Manager (intended for read/use-only access) directly invokes the API to update collection settings, elevate their own privileges to manage=true, and even delete the collection.
This allows the user to bypass operational access restrictions and effectively gain administrator-equivalent control over the collection.
Potential Impact
- Confidentiality: Expansion of access scope through unauthorized privilege escalation and configuration changes.
- Integrity: Unauthorized modification of collection settings and assignments; potential disabling of access controls.
- Availability: Deletion of collections may disrupt business operations.
Severity
8.3 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.35.3"
},
"package": {
"ecosystem": "crates.io",
"name": "vaultwarden"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.35.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-27803"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-285",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-04T20:13:44Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\n\nTesting confirmed that even when a Manager has `manage=false` for a given collection, they can still perform the following management operations as long as they have access to the collection:\n\n* `PUT /api/organizations/\u003corg_id\u003e/collections/\u003ccol_id\u003e` succeeds (HTTP 200)\n* `PUT /api/organizations/\u003corg_id\u003e/collections/\u003ccol_id\u003e/users` succeeds (HTTP 200)\n* `DELETE /api/organizations/\u003corg_id\u003e/collections/\u003ccol_id\u003e` succeeds (HTTP 200)\n\n\n\n## Description\n\n* The Manager guard checks only whether the user **can access the collection**, not whether they have `manage` privileges. This check is directly applied to management endpoints.\nsrc/auth.rs:816\n ```rust\n\n if !Collection::can_access_collection(\u0026headers.membership, \u0026col_id, \u0026conn).await {\n err_handler!(\"The current user isn\u0027t a manager for this collection\")\n }\n ```\n\n* The `can_access_collection` function does **not** evaluate the `manage` flag.\n src/db/models/collection.rs:140\n\n ```rust\n\n pub async fn can_access_collection(member: \u0026Membership, col_id: \u0026CollectionId, conn: \u0026DbConn) -\u003e bool {\n member.has_status(MembershipStatus::Confirmed)\n \u0026\u0026 (member.has_full_access()\n || CollectionUser::has_access_to_collection_by_user(col_id, \u0026member.user_uuid, conn).await\n || ...\n ```\n\n* A separate management-permission check exists and includes `manage` validation, but it is **not used** during authorization for the affected endpoints.\n src/db/models/collection.rs:516\n\n ```rust\n\n pub async fn is_manageable_by_user(\u0026self, user_uuid: \u0026UserId, conn: \u0026DbConn) -\u003e bool {\n let Some(member) = Membership::find_confirmed_by_user_and_org(user_uuid, \u0026self.org_uuid, conn).await else {\n return false;\n };\n if member.has_full_access() {\n return true;\n }\n ...\n ```\n\n* The actual update and deletion endpoints only accept `ManagerHeaders` and do not perform additional `manage` checks.\n src/api/core/organizations.rs:608\n\n```rust\n async fn put_organization_collection_update(..., headers: ManagerHeaders, ...)\n```\n\n src/api/core/organizations.rs:890\n\n```rust\n async fn put_collection_users(..., headers: ManagerHeaders, ...)\n```\n \n\nsrc/api/core/organizations.rs:747\n\n```rust\n async fn delete_organization_collection(..., headers: ManagerHeaders, ...)\n ```\n\n\n\n## Preconditions\n\n* The attacker is a **Manager** within the target organization.\n* The attacker has access to the target collection (`assigned=true`).\n* The attacker\u2019s permission for that collection is `manage=false`.\n* A valid API access token has been obtained.\n\n\n\n## Steps to Reproduce\n\n1. Confirm that the attacker\u2019s current permissions for the target collection include `manage=false`.\n\u003cimg width=\"2015\" height=\"636\" alt=\"image\" src=\"https://github.com/user-attachments/assets/58ddc733-e37c-4766-a980-b1ea1918ceb4\" /\u003e\n\n2. As a control test, verify that update operations fail for collections the attacker cannot access.\n\u003cimg width=\"2021\" height=\"852\" alt=\"image\" src=\"https://github.com/user-attachments/assets/d8699442-2dfc-4d73-8940-ec10f4a175f0\" /\u003e\n\n3. Confirm that update operations succeed for the target collection where `manage=false`.\n\u003cimg width=\"2013\" height=\"690\" alt=\"image\" src=\"https://github.com/user-attachments/assets/33d9845d-d18e-456c-a58c-e780911347a9\" /\u003e\n\n4. Use `PUT /collections/{col_id}/users` to set `manage=true`, confirming that the attacker can escalate their own privileges.\n\u003cimg width=\"2018\" height=\"488\" alt=\"image\" src=\"https://github.com/user-attachments/assets/da8c5246-cf2a-46c2-9a25-e99d907f852d\" /\u003e\n\n5. Verify that deletion of the collection succeeds despite the Manager lacking management rights.\n\u003cimg width=\"2018\" height=\"487\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a97c8fb2-4f97-4c2a-a90b-9d95dbde84fd\" /\u003e\n\n\n\n## Required Minimum Privileges\n\n* Organization Manager role (Owner/Admin privileges are not required)\n* Works even with `access_all=false`\n* Only access rights to the target collection are required (`manage` privilege is not required)\n\n\n\n## Attack Scenario\n\nA restricted Manager (intended for read/use-only access) directly invokes the API to update collection settings, elevate their own privileges to `manage=true`, and even delete the collection.\n\nThis allows the user to bypass operational access restrictions and effectively gain administrator-equivalent control over the collection.\n\n\n\n## Potential Impact\n\n* **Confidentiality:** Expansion of access scope through unauthorized privilege escalation and configuration changes.\n* **Integrity:** Unauthorized modification of collection settings and assignments; potential disabling of access controls.\n* **Availability:** Deletion of collections may disrupt business operations.",
"id": "GHSA-h4hq-rgvh-wh27",
"modified": "2026-03-04T20:13:44Z",
"published": "2026-03-04T20:13:44Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h4hq-rgvh-wh27"
},
{
"type": "PACKAGE",
"url": "https://github.com/dani-garcia/vaultwarden"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Vaultwarden\u0027s Collection Management Operations Allowed Without `manage` Verification for Manager Role"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…