CVE-2026-60104 - Bitwarden Server < 2026.6.0 Authorization Bypass via Admin Auth Request
CVE ID :CVE-2026-60104 Published : July 8, 2026, 8:17 p.m. | 58 minutes ago Description :Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-request body belongs to the authenticated caller, allowing a low-privileged organization member to obtain...