CVE-2026-43914 | dani-garcia vaultwarden up to 1.35.3 API Endpoint send-email-login send_email_login excessive authentication (GHSA-c5rv-q295-7w4g)

A vulnerability described as problematic has been identified in dani-garcia vaultwarden up to 1.35.3. Affected is the function send_email_login of the file /api/two-factor/send-email-login of the component API Endpoint Handler. Executing a manipulation can lead to improper restriction of excessive authentication attempts.

This vulnerability appears as CVE-2026-43914. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More