mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-18 09:52:56 -05:00
[GH-ISSUE #7109] Use sub-path and change admin path will bypass htpasswd_file authentication #39862
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @quyleanh on GitHub (Apr 18, 2026).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7109
Prerequisites
Vaultwarden Support String
Your environment (Generated via diagnostics page)
Config & Details (Generated via diagnostics page)
Show Config & Details
Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN
Failed HTTP Checks:
Config:
Vaultwarden Build Version
v1.35.7
Deployment method
Official Container Image
Custom deployment method
No response
Reverse Proxy
nginx version: nginx/1.18.0 (Ubuntu)
Host/Server Operating System
Linux
Operating System Version
Ubuntu 22.04.5 LTS
Clients
Web Vault
Client Version
Microsoft Edge Version 147.0.3912.72 (Official build) (x86_64)
Steps To Reproduce
adminsubpath to any subpath stringExpected Result
The admin page with
adminpath should not be accessibleActual Result
The admin page with
adminpath is still accessible, no enter username password dialog. Even there is no nginx config for that, and the subpath is changed and is notadminanymore.Logs
Screenshots or Videos
No response
Additional Context
No response
@stefan0xC commented on GitHub (Apr 18, 2026):
What's the point of this report?