Is Hashicorp affected by CVE-2026-4525?

HashiCorp Vault versions 0.11.2 through 1.19.15 and related releases inadvertently expose authentication tokens to third-party auth plugin backends when pass-through header configurations are enabled, allowing authenticated users to steal tokens and escalate privileges.

CVE-2026-4525

EUVD-2026-23345 HIGH

2026-04-17 HashiCorp

GHSA-72gw-fmmr-c4r4

Information Disclosure Hashicorp

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 17, 2026 - 04:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 17, 2026 - 04:22 vuln.today

cvss_changed

patch_available

Apr 17, 2026 - 04:01 EUVD

Analysis Generated

Apr 17, 2026 - 03:34 vuln.today

DescriptionNVD

If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

AnalysisAI

HashiCorp Vault exposes authentication tokens to auth plugin backends when auth mounts are configured to pass through the 'Authorization' header. Authenticated attackers with low privileges can potentially capture Vault tokens that should remain confidential, leading to credential theft and privilege escalation. …

RemediationAI

Within 24 hours: inventory all HashiCorp Vault deployments and identify instances running versions 0.11.2-1.19.15, 1.20.0-1.20.9, 1.21.0-1.21.4, or pre-2.0.0 releases; verify auth mount configurations for 'Authorization' header pass-through settings. Within 7 days: upgrade to patched versions (2.0.0, 1.21.5, 1.20.10, or 1.19.16 per your release line); prioritize systems with auth plugins enabled and header pass-through active. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-4525 vulnerability details – vuln.today

Back

CVE-2026-4525

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code