Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Lifecycle Timeline
6DescriptionGitHub Advisory
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage() in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. An attacker who controls or compromises the OCI registry referenced in the victim's configuration can serve a crafted image containing a decompression bomb that decompresses to an arbitrarily large file. The SHA256 integrity check occurs after the full file is written to disk, meaning the hash mismatch is detected only after the damage (disk exhaustion) has already occurred. This allow the attacker to replace legit plugin image with no need to change its signature. Version 2.5.3 contains a patch.
AnalysisAI
Disk exhaustion via decompression bomb in OpenBao's OCI plugin downloader allows network attackers to exhaust victim disk resources by serving a crafted container image. The vulnerability exists in ExtractPluginFromImage() which writes decompressed tar streams without size bounds, and validates SHA256 integrity only after the full file is written to disk. An attacker controlling or compromising the OCI registry can replace legitimate plugin images with malicious compressed payloads that decompress to arbitrarily large files, causing denial of service. OpenBao versions prior to 2.5.3 are affected; the CVSS score of 3.1 reflects low impact (availability only) but the attack requires the victim to manually trigger plugin extraction with a compromised registry configured.
Technical ContextAI
OpenBao's plugin distribution mechanism downloads container images from OCI registries and extracts embedded plugin binaries using the ExtractPluginFromImage() function. The root cause (CWE-400: Uncontrolled Resource Consumption) stems from the use of io.Copy() without size limits when decompressing tar-formatted image layers. Unlike secure implementations that validate decompressed size before writing or enforce maximum read bounds, OpenBao's code streams all decompressed data directly to disk. The SHA256 integrity check, intended as a trust boundary, executes after file write completion rather than during the stream, making it ineffective as a denial-of-service mitigation. The vulnerability specifically affects the plugin bootstrap flow where users reference external OCI registries (such as Docker Hub, private registries, or compromised public registries) in their OpenBao configuration.
RemediationAI
Upgrade to OpenBao version 2.5.3 or later, which implements size-bounded decompression in ExtractPluginFromImage() and validates SHA256 prior to or during extraction. The patched version adds maximum file size limits to the decompression stream, preventing arbitrarily large files from being written. If immediate upgrade is not possible, restrict access to OCI registries by implementing network-level controls: configure firewall rules to permit OpenBao to connect only to trusted, internal registries or use registry mirrors you control and audit regularly. Alternatively, disable OCI plugin loading entirely (if not required) via OpenBao's plugin configuration, falling back to pre-downloaded or locally-staged plugins. Be aware that disabling OCI plugins may impact plugin update workflows and require manual plugin management. Validate all configured registry endpoints in OpenBao configuration files and confirm they are under your organizational control or belong to verified, non-compromised sources. See GHSA-r65v-xgwc-g56j for patched release links.
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when con
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certifi
Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. Rated high severity
OpenBao versions before 2.3.0 contain an unauthenticated denial-of-service vulnerability in the root rekey and recovery
OpenBao is an open source identity-based secrets management system. Rated high severity (CVSS 7.5), this vulnerability i
Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a den
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certifi
Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certifi
OpenBao versions prior to 2.5.3 allow high-privileged administrators in one tenant to revoke or renew authentication tok
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certifi
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24031
GHSA-r65v-xgwc-g56j