Package impact
Go / github.com/openbao/openbao
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39396 | medium | 6.5 | 6.5 | 1mo ago | OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS) | |||
| CVE-2026-46405 | unknown | — | — | 6d ago | OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens | |||
| CVE-2026-46358 | unknown | — | — | 6d ago | OpenBao's Inline Auth Incorrectly Redacted Headers | |||
| CVE-2026-45808 | unknown | — | — | 6d ago | OpenBao's cross-namespace lease revocation via legacy sys/revoke path bypasses ACL |