Skip to main content

Openbao

17 CVEs product

Monthly

CVE-2026-40264 Go LOW PATCH GHSA Monitor

OpenBao versions prior to 2.5.3 allow high-privileged administrators in one tenant to revoke or renew authentication tokens belonging to users in other tenants if the token accessor is disclosed, bypassing the multi-tenant isolation guarantee. The vulnerability requires high privilege level and user interaction but undermines the core security boundary of OpenBao's namespace-based multi-tenancy model. No active exploitation has been reported.

Information Disclosure Openbao
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-39396 Go LOW PATCH GHSA Monitor

Disk exhaustion via decompression bomb in OpenBao's OCI plugin downloader allows network attackers to exhaust victim disk resources by serving a crafted container image. The vulnerability exists in ExtractPluginFromImage() which writes decompressed tar streams without size bounds, and validates SHA256 integrity only after the full file is written to disk. An attacker controlling or compromising the OCI registry can replace legitimate plugin images with malicious compressed payloads that decompress to arbitrarily large files, causing denial of service. OpenBao versions prior to 2.5.3 are affected; the CVSS score of 3.1 reflects low impact (availability only) but the attack requires the victim to manually trigger plugin extraction with a compromised registry configured.

Denial Of Service Openbao
NVD GitHub VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-64761 Go HIGH PATCH This Week

OpenBao is an open source identity-based secrets management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Openbao Suse
NVD GitHub
CVSS 4.0
7.5
EPSS
0.1%
CVE-2025-55003 Go MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-55001 Go MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55000 Go MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54999 Go LOW PATCH Monitor

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Openbao
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-54998 Go MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-54997 Go CRITICAL PATCH Act Now

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-54996 Go HIGH PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-52894 Go HIGH PATCH This Week

OpenBao versions before 2.3.0 contain an unauthenticated denial-of-service vulnerability in the root rekey and recovery rekey endpoints that allows attackers to cancel critical key management operations without authentication or audit logging. This affects organizations using OpenBao for secrets management, and the high CVSS 7.5 score reflects the availability impact, though the vulnerability requires no special privileges or user interaction to exploit.

Denial Of Service Authentication Bypass Openbao Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52893 Go MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. This issue has been fixed in OpenBao v2.3.0 and later. Like with HCSEC-2025-09, there is no known workaround except to ensure properly formatted requests from all clients.

Information Disclosure Ubuntu Debian Openbao Suse
NVD GitHub
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-4166 Go MEDIUM PATCH This Month

Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Openbao Red Hat +1
NVD
CVSS 3.1
4.5
EPSS
0.1%
CVE-2024-8185 Go HIGH PATCH This Week

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Denial Of Service Vault Openbao
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-9180 Go HIGH PATCH This Week

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Hashicorp Openbao Vault
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-7594 Go HIGH PATCH This Week

Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Openbao
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-2048 Go CRITICAL PATCH Act Now

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault Openbao
NVD
CVSS 3.1
9.8
EPSS
0.4%
EPSS 0% CVSS 2.0
LOW PATCH Monitor

OpenBao versions prior to 2.5.3 allow high-privileged administrators in one tenant to revoke or renew authentication tokens belonging to users in other tenants if the token accessor is disclosed, bypassing the multi-tenant isolation guarantee. The vulnerability requires high privilege level and user interaction but undermines the core security boundary of OpenBao's namespace-based multi-tenancy model. No active exploitation has been reported.

Information Disclosure Openbao
NVD GitHub VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Disk exhaustion via decompression bomb in OpenBao's OCI plugin downloader allows network attackers to exhaust victim disk resources by serving a crafted container image. The vulnerability exists in ExtractPluginFromImage() which writes decompressed tar streams without size bounds, and validates SHA256 integrity only after the full file is written to disk. An attacker controlling or compromising the OCI registry can replace legitimate plugin images with malicious compressed payloads that decompress to arbitrarily large files, causing denial of service. OpenBao versions prior to 2.5.3 are affected; the CVSS score of 3.1 reflects low impact (availability only) but the attack requires the victim to manually trigger plugin extraction with a compromised registry configured.

Denial Of Service Openbao
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

OpenBao is an open source identity-based secrets management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Openbao Suse
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Openbao
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Openbao +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

OpenBao versions before 2.3.0 contain an unauthenticated denial-of-service vulnerability in the root rekey and recovery rekey endpoints that allows attackers to cancel critical key management operations without authentication or audit logging. This affects organizations using OpenBao for secrets management, and the high CVSS 7.5 score reflects the availability impact, though the vulnerability requires no special privileges or user interaction to exploit.

Denial Of Service Authentication Bypass Openbao +1
NVD GitHub
EPSS 0% CVSS 4.5
MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. This issue has been fixed in OpenBao v2.3.0 and later. Like with HCSEC-2025-09, there is no known workaround except to ensure properly formatted requests from all clients.

Information Disclosure Ubuntu Debian +2
NVD GitHub
EPSS 0% CVSS 4.5
MEDIUM PATCH This Month

Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault +3
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Denial Of Service Vault +1
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Hashicorp Openbao +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy