CVE-2026-60104 | bitwarden Server 1.35.1/2026.4.0/2026.4.1/2026.5.0 Admin Request admin-request email improper authentication
A vulnerability was found in bitwarden Server 1.35.1/2026.4.0/2026.4.1/2026.5.0. It has been declared as critical. This impacts an unknown function of the file /auth-requests/admin-request of the component Admin Request Handler. Such manipulation of the argument email leads to improper authentication.
This vulnerability is uniquely identified as CVE-2026-60104. The attack can be launched remotely. No exploit exists.