CVE-2026-40264

Summary

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3.

Affected Software

VendorProductVersion RangeStatus
openbaoopenbao< 2.5.3affected

Weaknesses

  • CWE-1259: CWE-1259: Improper Restriction of Security Token Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References