Vaultwarden 1.35.4 released on March 3, 2026
The Vaultwarden team released version 1.35.4 of its self-hosted password manager on Tuesday to fix three security vulnerabilities. This security update comes five days after the discovery of vulnerabilities in the open source alternative to Bitwarden.
Developers recommend immediate installation for all users hosting their own Vaultwarden instance. No technical details about the vulnerabilities have been disclosed to prevent exploitation.
Vaultwarden users affected by the update
All administrators of self-hosted Vaultwarden instances must update to version 1.35.4. Users of the official Bitwarden cloud service are not affected by these specific vulnerabilities.
The update is available through the usual distribution channels: Docker Hub, GitHub Releases, and Linux package managers. The standard update process applies with no data migration necessary.
Related: Microsoft Patch Tuesday March 2026: 79 Flaws Fixed
Related: CISA adds Ivanti EPM flaw to exploited vulnerabilities list
Related: Veeam Patches 5 Security Flaws, 3 Critical RCE Bugs
Related: Veeam Patches Four Critical RCE Flaws in Backup Software
Related: Microsoft March 2026 Patch Tuesday Fixes Critical Flaws
Three vulnerabilities fixed in Vaultwarden
Version 1.35.4 addresses three distinct security vulnerabilities identified in the Vaultwarden code. Developers have not published CVEs or technical details to limit the risk of exploitation before instances are updated.
This responsible disclosure approach follows standard practices for password managers, where user data security takes precedence over immediate technical transparency.
