A vulnerability classified as problematic has been found in bitwarden server 1.35.1/2026.4.0/2026.4.1 . Affected is an unknown function of the component PreviewInvoiceController Endpoint . This manipulation causes missing authorization. This vulnerability is registered as CVE-2026-57521 . Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.