Inclusion of Sensitive Information in Log Files in OpenBao - CVE-2026-46358

 


Published: May 21, 2026


Vulnerability identifier: #VU132076
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-46358
CWE-ID: CWE-532
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: OpenBao
Affected software:
OpenBao

Detailed vulnerability description

The vulnerability allows a local privileged user to disclose sensitive information.

The vulnerability exists due to improper redaction in inline auth audit log handling when recording audit log entries. A local privileged user can access an audit device containing incorrectly redacted logs to disclose sensitive information.

User interaction is passive, and exploitation requires that access to the audit device be compromised.


How to mitigate CVE-2026-46358

Install the security update from the vendor's website.
