OpenBao’s Namespace Deletion May Not Delete Data Properly_CVE-2026-42186

2.3 / 10

LOW

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

Description

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving unrelated storage entries around. This vulnerability is fixed in 2.5.3.

Basic Information

ID CVE-2026-42186

Source GitHub_M

Published May 14, 2026 at 14:36

Modified May 14, 2026 at 15:36

Affected Product

Vendor openbao

Product openbao

Version < 2.5.3

Affected Versions openbao openbao < 2.5.3

CWE Classification

CWE-212

References

{
    "lastseen": "",
    "description": "OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving unrelated storage entries around. This vulnerability is fixed in 2.5.3.",
    "published": "2026-05-14T14:36:14.197Z",
    "modified": "2026-05-14T15:36:42.480Z",
    "type": "cve",
    "title": "OpenBao's Namespace Deletion May Not Delete Data Properly",
    "source": "GitHub_M",
    "references": "https://github.com/openbao/openbao/security/advisories/GHSA-vv66-6rp4-wr4f\nhttps://github.com/openbao/openbao/commit/6d2e0506e2b41be0eaa6643bf7b4efc9a2c09445\nhttps://github.com/openbao/openbao/releases/tag/v2.5.3",
    "id": "CVE-2026-42186",
    "bulletinFamily": "",
    "cwe": [
        "CWE-212"
    ],
    "cvelist": null,
    "sourceData": "openbao openbao < 2.5.3",
    "sourceHref": "",
    "cvss": {
        "score": 2.3,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "openbao",
    "version": "< 2.5.3",
    "vendor": "openbao",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}