Vulnerability Report: GO-2026-4860
- CVE-2026-33757, GHSA-7q7g-x6vg-xpc3
- Affects: github.com/openbao/openbao
- Published: Mar 26, 2026
OpenBao lacks user confirmation for OIDC direct callback mode in github.com/openbao/openbao
For detailed information about this vulnerability, visit https://github.com/openbao/openbao/security/advisories/GHSA-7q7g-x6vg-xpc3.
References
- https://github.com/openbao/openbao/security/advisories/GHSA-7q7g-x6vg-xpc3
- https://github.com/openbao/openbao/commit/e32103951925723e9787e33886ab6b6ec20f4964
- https://datatracker.ietf.org/doc/html/rfc8628#section-5.4
- https://vuln.go.dev/ID/GO-2026-4860.json