Bug 2459948 (CVE-2026-39388)
| Summary: | CVE-2026-39388 OpenBao: OpenBao: Token renewal vulnerability via incorrect certificate matching in Certificate authentication. | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in OpenBao, an open source identity-based secrets management system. When renewing tokens using the Certificate authentication method with `disable_binding=true`, the system incorrectly verifies the presented mTLS (mutual Transport Layer Security) certificate. This vulnerability allows an attacker, who possesses a certificate and key signed by the same Certificate Authority (CA) as the original, to renew tokens. Such an action could extend the lifetime of dynamic leases associated with the original token, provided the attacker has knowledge of the original token or its accessor.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2460056, 2460057 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-04-21 02:01:46 UTC
|