Hashicorp Vault
37 CVEs affecting Hashicorp Vault. Latest disclosed: 2026-04-17. Critical: 1, High: 14.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-6000 | Critical | 9.1 | 2025-08-01 | A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin direc… |
CVE-2026-3605 | High | 8.1 | 2026-04-17 | An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, re… |
CVE-2025-11621 | High | 8.1 | 2025-10-23 | Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the sam… |
CVE-2024-2048 | High | 8.1 | 2024-03-04 | Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as tr… |
CVE-2023-5077 | High | 7.6 | 2023-09-28 | The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets… |
CVE-2026-5807 | High | 7.5 | 2026-04-17 | Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operati… |
CVE-2026-4525 | High | 7.5 | 2026-04-17 | If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarde… |
CVE-2025-12044 | High | 7.5 | 2025-10-23 | Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from… |
CVE-2025-6203 | High | 7.5 | 2025-08-28 | A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU c… |
CVE-2024-8185 | High | 7.5 | 2024-10-31 | Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through mem… |
CVE-2024-7594 | High | 7.5 | 2024-09-26 | Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH… |
CVE-2024-6468 | High | 7.5 | 2024-07-11 | Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, w… |
CVE-2023-6337 | High | 7.5 | 2023-12-08 | HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthent… |
CVE-2025-5999 | High | 7.2 | 2025-08-01 | A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vau… |
CVE-2024-9180 | High | 7.2 | 2024-10-10 | A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s r… |
CVE-2025-6037 | Medium | 6.8 | 2025-08-01 | Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+… |
CVE-2023-4680 | Medium | 6.8 | 2023-09-14 | HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The… |
CVE-2025-3879 | Medium | 6.6 | 2025-05-02 | Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypas… |
CVE-2025-6013 | Medium | 6.5 | 2025-08-06 | Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs th… |
CVE-2025-6014 | Medium | 6.5 | 2025-08-01 | Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Com… |