Hashicorp Tooling
4 CVEs affecting Hashicorp Tooling. Latest disclosed: 2026-05-12. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-1293 | High | 8.2 | 2025-02-20 | Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. T… |
CVE-2026-4660 | High | 7.5 | 2026-04-09 | HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. T… |
CVE-2025-13357 | High | 7.4 | 2025-11-21 | Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially resulting in an insec… |
CVE-2026-5061 | Medium | 4.7 | 2026-05-12 | The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox f… |