Skip to main content
Regulatory Triage ICT Providers

HashiCorp

Dev Platforms & CI/CD

Period: 7d 14d 30d 90d
4
Open CVEs
0
Exploited
0
KEV
4
Unpatched
4
No Workaround
4
Internet-facing

Why this provider is risky now

This provider has 4 open CVE(s) in the last 7 days. 4 have no vendor patch. 4 affect internet-facing services. 3 impact the management/identity plane.

4 Unpatched 3 Mgmt / Admin Plane 4 No Workaround 4 Internet-facing

Top Risky CVEs

CVE-2026-8903
This Month
Unpatched
Cross-Site Request Forgery in the Two-factor Authentication (formerly IP Vault) WordPress plugin versions up to and including 2.1 enables unauthenticated remote attackers to manipulate the plugin's firewall rules and 2FA configuration - potentially disabling protection entirely - by inducing an authenticated site administrator to click a crafted link. The vulnerable surface is the `ipv_save_changes` function in `admin-settings.php`, which lacks proper nonce validation. No public exploit has been identified at time of analysis, and EPSS at 0.02% (6th percentile) reflects very low automated exploitation probability, though the downstream security impact of silently disabling 2FA or firewall rules is disproportionate to the raw CVSS score of 4.3.
Edge exposure ICT dependency
Why flagged?
4.3
CVSS
0.0%
EPSS
22
Priority
CVE-2026-9223
Monitor
Unpatched
Missing authorization in the vault import feature in Devolutions Server  2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request.
Edge exposure ICT dependency Management plane
Why flagged?
4.3
CVSS
0.0%
EPSS
CVE-2026-9246
This Week
Unpatched
Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault read access to retrieve the documentation and attachments of se
Edge exposure ICT dependency Management plane
Why flagged?
4.3
CVSS
0.0%
EPSS
CVE-2026-9248
Monitor
Unpatched
Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault t
Edge exposure ICT dependency Management plane
Why flagged?
2.6
CVSS
0.0%
EPSS

By Exposure

Internet-facing
4
Mgmt / Admin Plane
3
Identity / Auth
2
Internal only
0

By Exploitability

Known exploited
0
Public PoC
0
High EPSS (>30%)
0
Remote unauthenticated
1
Local only
0

By Remediation

Patch available
0
No patch
4
Workaround available
0
No workaround
4

Affected Services / Product Families

Hashicorp
4 CVE(s)
CVE-2026-9223 Unpatched
CVE-2026-9246 Unpatched
CVE-2026-9248 Unpatched
CVE-2026-8903 MEDIUM Unpatched

Recommended Actions

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy