CVE-2026-57520 | bitwarden server 1.35.1/2026.4.0/2026.4.1 Bulk user-remove Endpoint authorization

A vulnerability classified as problematic was found in bitwarden server 1.35.1/2026.4.0/2026.4.1. Impacted is an unknown function of the component Bulk user-remove Endpoint. Executing a manipulation can lead to missing authorization.

This vulnerability appears as CVE-2026-57520. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is advised.VulDB Recent EntriesRead More