Skip to main content

Vault

72 CVEs product

Monthly

CVE-2026-5051 MEDIUM PATCH This Month

Plugin directory guard bypass in HashiCorp Vault and Vault Enterprise allows a highly privileged, authenticated attacker to read files outside the intended audit plugin directory via path traversal. Exploitation requires network access, high-privilege credentials, and the use of the legacy file audit path option - a non-default configuration. Fixed versions are 2.0.1, 1.21.6, 1.20.11, and 1.19.17; no public exploit or active exploitation (CISA KEV) has been identified at time of analysis.

Hashicorp Path Traversal Vault Vault Enterprise
NVD VulDB
CVSS 3.1
4.4
EPSS
0.3%
CVE-2026-5807 Go HIGH PATCH GHSA This Week

HashiCorp Vault unauthenticated denial-of-service vulnerability allows remote attackers to block critical administrative operations by monopolizing the single operation slot for root token generation and rekey workflows. Affects all Vault Community and Enterprise versions prior to 2.0.0. No active exploitation confirmed (EPSS 3rd percentile), but attack is trivially automatable per CISA SSVC framework. HashiCorp released patches in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0.

Denial Of Service Hashicorp Vault Vault Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4525 Go HIGH PATCH GHSA This Week

Token leakage in HashiCorp Vault and Vault Enterprise (0.11.2 up to 2.0.0, 1.21.5, 1.20.10, and 1.19.16) occurs when an auth mount is configured to pass through the 'Authorization' header and that same header is used to authenticate to Vault; in this case Vault forwards the caller's Vault token onward to the auth plugin backend. An authenticated client's token is thereby exposed to a plugin backend that should never see it, enabling potential impersonation and unauthorized secret access. No public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.01%, 3rd percentile).

Information Disclosure Hashicorp Vault Vault Enterprise
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3605 Go HIGH PATCH GHSA This Week

HashiCorp Vault's KVv2 secrets engine allows authenticated users with glob-based policy access to delete secrets outside their authorization scope, causing denial-of-service across versions 0.10.0 through 1.x. The flaw stems from improper access control (CWE-288) in policy glob evaluation during delete operations. Exploitation requires valid Vault credentials with specific policy patterns but does not permit cross-namespace deletion or secret data exfiltration. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0/1.21.5/1.20.10/1.19.16. No active exploitation confirmed (EPSS 0.01%), but CVSS 8.1 reflects high integrity and availability impact for authenticated attackers.

Information Disclosure Hashicorp Vault Vault Enterprise
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-6203 Go HIGH PATCH This Month

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Vault Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-6013 Go MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6037 Go MEDIUM PATCH This Month

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Red Hat Suse
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-6015 Go MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault Red Hat Suse
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-6014 Go MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6011 Go LOW PATCH Monitor

A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-6004 Go MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-6000 Go CRITICAL POC PATCH This Week

{{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Hashicorp Code Injection Vault Red Hat +1
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-5999 Go HIGH PATCH This Month

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Vault Red Hat Suse
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-3879 Go MEDIUM PATCH This Month

Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Hashicorp Authentication Bypass Vault Red Hat +1
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-4166 Go MEDIUM PATCH This Month

Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Openbao Red Hat +1
NVD
CVSS 3.1
4.5
EPSS
0.1%
CVE-2025-1276 HIGH This Week

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Advance Steel Autocad +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-8185 Go HIGH PATCH This Week

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Denial Of Service Vault Openbao
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-9180 Go HIGH PATCH This Week

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Hashicorp Openbao Vault
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-7594 Go HIGH PATCH This Week

Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Openbao
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-8365 Go MEDIUM PATCH This Month

Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-6468 Go HIGH PATCH This Week

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Denial Of Service Vault
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-5798 Go HIGH PATCH This Week

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-2877 MEDIUM This Month

Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-2660 Go MEDIUM PATCH This Month

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-2048 Go CRITICAL PATCH Act Now

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault Openbao
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-0831 Go MEDIUM POC PATCH This Month

Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-6337 Go HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-5954 Go HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-5077 Go HIGH PATCH This Week

The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-3775 MEDIUM This Month

A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Vault
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-4680 Go MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-3462 Go MEDIUM PATCH This Month

HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-3774 MEDIUM This Month

An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Vault
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-2121 Go MEDIUM PATCH This Month

Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hashicorp Vault
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2197 LOW Monitor

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. Rated low severity (CVSS 2.5). No vendor patch available.

Oracle Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
2.5
EPSS
0.1%
CVE-2023-25000 Go MEDIUM PATCH This Month

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. Rated medium severity (CVSS 4.7).

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-0665 Go MEDIUM PATCH This Month

HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Hashicorp Vault
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-0620 Go MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Microsoft SQLi Hashicorp Vault
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2023-24999 Go HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-41316 Go MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-40186 Go CRITICAL PATCH Act Now

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-36129 CRITICAL Act Now

HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2022-30689 Go MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-25244 MEDIUM This Month

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-25243 MEDIUM This Month

"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-45042 MEDIUM This Month

In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Vault
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2021-43998 Go MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-42135 Go HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Privilege Escalation Hashicorp Vault
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-41802 Go MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-27668 MEDIUM This Month

HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Vault
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-38554 Go MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-38553 Go MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-32923 Go HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
7.4
EPSS
1.4%
CVE-2021-29653 HIGH This Week

HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-27400 HIGH This Week

HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-3282 Go HIGH PATCH This Week

HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Vault
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-3024 MEDIUM This Month

HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-35453 MEDIUM This Month

HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-35177 Go MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-35192 CRITICAL Act Now

The official vault docker images before 0.11.6 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Docker Authentication Bypass Vault
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-25816 Go MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2020-16251 Go HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Vault
NVD GitHub
CVSS 3.1
8.2
EPSS
3.0%
CVE-2020-16250 Go HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Vault
NVD GitHub
CVSS 3.1
8.2
EPSS
1.5%
CVE-2020-13223 Go HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-12757 Go CRITICAL PATCH Act Now

HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Vault
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-10661 Go CRITICAL PATCH Act Now

HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-10660 Go MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Vault
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-7220 Go HIGH PATCH This Week

HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-19786 HIGH This Week

HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.0
8.1
EPSS
0.9%
CVE-2015-5711 MEDIUM This Month

TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Managed File Transfer Internet Server Vault Managed File Transfer Command Center +1
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-7194 MEDIUM PATCH This Month

TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Hashicorp Managed File Transfer Internet Server Managed File Transfer Command Center Slingshot +1
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2014-2545 MEDIUM This Month

TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Managed File Transfer Internet Server Information Disclosure Hashicorp Slingshot Vault +1
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Plugin directory guard bypass in HashiCorp Vault and Vault Enterprise allows a highly privileged, authenticated attacker to read files outside the intended audit plugin directory via path traversal. Exploitation requires network access, high-privilege credentials, and the use of the legacy file audit path option - a non-default configuration. Fixed versions are 2.0.1, 1.21.6, 1.20.11, and 1.19.17; no public exploit or active exploitation (CISA KEV) has been identified at time of analysis.

Hashicorp Path Traversal Vault +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

HashiCorp Vault unauthenticated denial-of-service vulnerability allows remote attackers to block critical administrative operations by monopolizing the single operation slot for root token generation and rekey workflows. Affects all Vault Community and Enterprise versions prior to 2.0.0. No active exploitation confirmed (EPSS 3rd percentile), but attack is trivially automatable per CISA SSVC framework. HashiCorp released patches in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0.

Denial Of Service Hashicorp Vault +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Token leakage in HashiCorp Vault and Vault Enterprise (0.11.2 up to 2.0.0, 1.21.5, 1.20.10, and 1.19.16) occurs when an auth mount is configured to pass through the 'Authorization' header and that same header is used to authenticate to Vault; in this case Vault forwards the caller's Vault token onward to the auth plugin backend. An authenticated client's token is thereby exposed to a plugin backend that should never see it, enabling potential impersonation and unauthorized secret access. No public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.01%, 3rd percentile).

Information Disclosure Hashicorp Vault +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

HashiCorp Vault's KVv2 secrets engine allows authenticated users with glob-based policy access to delete secrets outside their authorization scope, causing denial-of-service across versions 0.10.0 through 1.x. The flaw stems from improper access control (CWE-288) in policy glob evaluation during delete operations. Exploitation requires valid Vault credentials with specific policy patterns but does not permit cross-namespace deletion or secret data exfiltration. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0/1.21.5/1.20.10/1.19.16. No active exploitation confirmed (EPSS 0.01%), but CVSS 8.1 reflects high integrity and availability impact for authenticated attackers.

Information Disclosure Hashicorp Vault +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Month

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Vault +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault +2
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault +2
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault +2
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault +2
NVD
EPSS 0% CVSS 9.1
CRITICAL POC PATCH This Week

{{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Hashicorp Code Injection +3
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Month

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Vault +2
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Hashicorp Authentication Bypass +3
NVD
EPSS 0% CVSS 4.5
MEDIUM PATCH This Month

Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +17
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Denial Of Service Vault +1
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Hashicorp Openbao +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Denial Of Service Vault
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Vault
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Vault
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Hashicorp +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Vault
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Vault
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hashicorp Vault
NVD
EPSS 0% CVSS 2.5
LOW Monitor

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. Rated low severity (CVSS 2.5). No vendor patch available.

Oracle Information Disclosure Hashicorp +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. Rated medium severity (CVSS 4.7).

Information Disclosure Hashicorp Vault
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Hashicorp +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Microsoft SQLi Hashicorp +1
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Vault
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Privilege Escalation Hashicorp +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Vault
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
EPSS 1% CVSS 7.5
HIGH This Week

HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
EPSS 1% CVSS 7.5
HIGH This Week

HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Vault
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

The official vault docker images before 0.11.6 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Docker Authentication Bypass +1
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
EPSS 3% CVSS 8.2
HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Vault
NVD GitHub
EPSS 1% CVSS 8.2
HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Vault
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Vault
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Vault
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM This Month

TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Managed File Transfer Internet Server +3
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Hashicorp Managed File Transfer Internet Server +3
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Managed File Transfer Internet Server Information Disclosure Hashicorp +3
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy