CVE-2026-47160 | dani-garcia Vaultwarden up to 1.35.x HTTP Client src/http_client.rs should_block_address/post_resolve domain server-side request forgery

SecurityVulns

A vulnerability identified as problematic has been detected in dani-garcia Vaultwarden up to 1.35.x. The affected element is the function should_block_address/post_resolve of the file src/http_client.rs of the component HTTP Client. This manipulation of the argument domain causes server-side request forgery.

This vulnerability is tracked as CVE-2026-47160. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More