OpenBao Token Store Cross-Namespace Renewal and Revocation Vulnerability
Vulnerability
A vulnerability in OpenBao, an open-source identity-based secrets management system, allows a token to be renewed or revoked from a namespace other than the one it belongs to. The issue affects OpenBao versions up to and including 2.5.2. In a multi-tenant deployment that uses namespaces, a tenant that leaks a token accessor (a value ordinarily treated as safe to log or display, since it cannot be used to authenticate) exposes that token to renewal or revocation by a privileged administrator in a different namespace who obtains the accessor.
Impact
A privileged administrator in one namespace who holds a token accessor belonging to another namespace can renew that token, keeping it alive, or revoke it, breaking whatever workloads or automation depend on it. The administrator does not obtain the token itself or the secrets it guards; the impact is on the lifetime and availability of tokens outside their own tenant, which crosses the isolation boundary that namespaces are meant to enforce.
Remediation
Upgrade to OpenBao 2.5.3 or later. Until the upgrade is complete, treat token accessors as sensitive rather than as the harmless identifiers they are normally assumed to be: keep them out of application logs, error messages and shared dashboards, and review which operators hold policies that grant token renewal and revocation by accessor.
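The following is an added example, not code from the OpenBao project or this advisory, for checking whether a running server is inside the affected range. It accepts either the text printed by `bao version` (the "OpenBao vX.Y.Z (...)" format is assumed) or the JSON body of the unauthenticated `GET /v1/sys/health` endpoint, which carries a `version` field. Anything that cannot be parsed, and any pre-release build of 2.5.3 (a hypothetical version string used to show SemVer ordering), is reported as affected so that the check fails closed. The sample health response is constructed.

```python
"""Added example (not OpenBao project code): decide whether a reported
OpenBao version falls in this advisory's affected range
(<= 2.5.2 affected, >= 2.5.3 fixed)."""
import json
import re
from typing import Optional, Tuple

FIXED_VERSION = (2, 5, 3)

# Accepts "2.5.2", "v2.5.2", "2.5.3-beta1" and the assumed
# `bao version` format "OpenBao v2.5.2 (sha), built ...".
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?")


def parse_version(text: str) -> Optional[Tuple[int, int, int, Optional[str]]]:
    """Return (major, minor, patch, prerelease) or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), pre)


def is_affected(version_text: str) -> bool:
    """True when the version is at or below 2.5.2.

    A pre-release of the fixed version (e.g. the hypothetical 2.5.3-beta1)
    sorts before 2.5.3 under SemVer and may predate the fix, so it is also
    treated as affected. Unparseable input is treated as affected (fail closed).
    """
    parsed = parse_version(version_text)
    if parsed is None:
        return True
    major, minor, patch, pre = parsed
    core = (major, minor, patch)
    if core < FIXED_VERSION:
        return True
    if core == FIXED_VERSION and pre is not None:
        return True
    return False


def check_health_response(body: str) -> dict:
    """Parse a /v1/sys/health JSON body and classify its `version` field."""
    data = json.loads(body)
    version = data.get("version", "")
    return {"version": version, "affected": is_affected(version)}


if __name__ == "__main__":
    # Constructed sample of a sys/health response body.
    sample = '{"initialized": true, "sealed": false, "version": "2.5.2"}'
    print(check_health_response(sample))
    for v in ("OpenBao v2.4.10 (abc123), built 2025", "2.5.3", "v2.5.3-beta1", "2.6.0"):
        print(v, "->", "affected" if is_affected(v) else "fixed")
```

Run it against the output of `bao version` or the body of `curl -s "$BAO_ADDR/v1/sys/health"` on each cluster; a result of `affected` means the upgrade above still applies.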
