CVE-2026-42186
7.5 HIGHOpenBao is an open source identity-based secrets management system
Published: 2026-05-14 · Last updated: 2026-05-18
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-212
Affected products
| Vendor | Product |
|---|---|
| openbao | openbao |
Description
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving unrelated storage entries around. This vulnerability is fixed in 2.5.3.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-46657 — Bludit is a content management system (7.1 HIGH)
- CVE-2026-36178 — The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition,... (4.6 MEDIUM)
- CVE-2026-45046 — Gryph provides a security layer for AI coding agents (5.5 MEDIUM)
- CVE-2026-27892 — FacturaScripts is an open source accounting and invoicing software (6.5 MEDIUM)