Unable to add attachments to notes on self-hosted BitWarden

NerdyAutomator · November 18, 2025, 5:33pm

Hello, I thought I had this resolved in the past, but the fix I used previously doesn’t seem to be working after I performed an update today on my self-hosted BitWarden instance.

I host BitWarden on a non-standard port, and typically have to edit the global overrides baseServiceUri__vault value to include the port after an update.

This no longer appears to be fixing the issue, and I can’t add attachments to my notes. Is there another fix action I am missing for self-hosted BitWarden?

This happens when I use the browser extension and when I browse directly to the vault web UI itself.

grb · November 18, 2025, 5:37pm

First, please post a screenshot of the information displayed in the Dashboard of your Admin Portal, including the server version.

Second, please confirm that you have a Premium subscription, and that you have applied your Premium license, as described here.

Nail1684 · November 18, 2025, 5:46pm

This was reported on GitHub:

github.com/bitwarden/clients

Unable to save attachments / Fresh self-hosted Families Organization Installation

opened 07:47AM - 15 Nov 25 UTC

PetrosStavrakakis

bug desktop

### Steps To Reproduce 1. Add Login 2. Add File Attachment ### Expected Result… Add a File to a login succesfully. ### Actual Result Error in bitwarden-api Container ### Screenshots or Videos _No response_ ### Additional Context Hi to all, I using the two-weeks Trial for the Families Organization. I am selfhosting Bitwarden at Home in a PVE LXC Container with Ubuntu 25.04. Installation works smoothless with the Linux Standard Deployment Documentation. Versions of Software used: Docker 29.0.1, build eedd969. containerd containerd.io v2.1.5 fcd43222d6b07379a4be9786bda52438f0dd16a1 Web UI Version 2025.11.1+28469e0 Desktop Client is: ----- Version 2025.11.0 SDK 'main (8ef7951)' Shell 37.7.0 Renderer 138.0.7204.251 Node 22.20.0 Architecture x64 ------ The Caddy-Implementation on OpnSense on my "DialUp" is used as a reverse_proxy for Bitwarden. The LicenseFile was succesfully imported via Admin Console So far so good. Importing Login Data works. Adding an Organization works too. Adding a File Attachment to a login throws following error --------------- fail: Bit.Api.Utilities.ExceptionHandlerFilterAttribute[0] => SpanId:20057fd40d414adc, TraceId:e58a01ad1e1fe6ac98ac651d4516520f, ParentId:0000000000000000 => ConnectionId:0HNH42RFM5D6Q => RequestPath:/ciphers/7b12671c-2a3c-4bf8-af7c-b3960071a477/attachment/suut07frt7ejttgsr0tuvngxz099dvl2 RequestId:0HNH42RFM5D6Q:00000001 => IpAddress:::ffff:172.19.0.9 UserAgent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.7204.251 Safari/537.36 DeviceType:6 Origin:6 ClientVersion:2025.11.0 => Bit.Api.Vault.Controllers.CiphersController.PostFileForExistingAttachment (Api) Unhandled exception System.IO.IOException: Unexpected end of Stream, the content may have already been read by another component. at Microsoft.AspNetCore.WebUtilities.MultipartReaderStream.ReadAsync(Memory`1 buffer, CancellationToken cancellationToken) at Microsoft.AspNetCore.WebUtilities.StreamHelperExtensions.DrainAsync(Stream stream, ArrayPool`1 bytePool, Nullable`1 limit, CancellationToken cancellationToken) at Microsoft.AspNetCore.WebUtilities.MultipartReader.ReadNextSectionAsync(CancellationToken cancellationToken) at Bit.Api.Utilities.MultipartFormDataHelper.GetFileAsync(HttpRequest request, Func`2 callback) in /source/src/Api/Utilities/MultipartFormDataHelper.cs:line 109 at Bit.Api.Vault.Controllers.CiphersController.PostFileForExistingAttachment(Guid id, String attachmentId) in /source/src/Api/Vault/Controllers/CiphersController.cs:line 1425 at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) -------------- Adding a login to a fresh install without importing data and trying to save an attachment does not work either. At work i self-host a Bitwarden Server with a business Enterprise Licence. The Version currently deployed there is Bitwarden Server 2025.10.1 with WebVersion 2025.10.1. In this Installation saving the attachments works flawlessly and i am worried if i upgrade the installation at work it will blow. I don't think i did something wrong with the new installation...As I said "by the book". Can someone help me with this? With kind regards, Petros Stavrakakis ### Operating System Linux ### Operating System Version Ubuntu 25.04 ### Installation method Direct Download (from bitwarden.com) ### Build Version Version 2025.11.0 SDK 'main (8ef7951)' Shell 37.7.0 Renderer 138.0.7204.251 Node 22.20.0 Architecture x64 ### Issue Tracking Info - [x] I understand that work is tracked outside of GitHub. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

And I think a fix could already be on it’s way:

github.com/bitwarden/server

[PM-28285] Bugfix: Fix attachment uploads on selfhosted instances

main ← vault/pm-28285/attachment-upload-bugfix

opened 12:09AM - 18 Nov 25 UTC

nikwithak

+6 -137

## 🎟️ Tracking https://bitwarden.atlassian.net/browse/PM-28285 ## 📔 Object…ive Reverts the check for LastKnownRevisionDate for some Attachment operations that are consuming the request before reading the file data. The client is not sending LKRD anyway, so this check isn't needed. ## ⏰ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Protected functional changes with optionality (feature flags) - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team ## 🦮 Reviewer guidelines - 👍 (`:+1:`) or similar for great changes - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info - ❓ (`:question:`) for questions - 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - 🎨 (`:art:`) for suggestions / improvements - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt - ⛏ (`:pick:`) for minor or nitpick changes

NerdyAutomator · November 18, 2025, 5:51pm

Thanks! I really appreciate it