Vault
This hub aggregates every CVE we track for Vault, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.
39
CVEs tracked
3
Critical
14
High
0
In CISA KEV
Severity distribution
MEDIUM19HIGH14LOW3CRITICAL3
Monthly trend
0
0
0
0
0
0
0
0
0
1
1
0
0
0
0
0
0
0
0
0
4
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Vault.
- CVE-2026-5807Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations7.5
- CVE-2026-4525Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header7.5
- CVE-2026-5052Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS5.3
- CVE-2026-3605Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service8.1
- CVE-2025-4656Vault Vulnerable to Recovery Key Cancellation Denial of Service3.1
- CVE-2025-4166Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin4.5
- CVE-2023-5077Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets7.6
- CVE-2023-2121Vault’s KV Diff Viewer Allowed for HTML Injection4.3
- CVE-2023-2197Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM2.5
- CVE-2023-0620Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend6.5
- CVE-2023-0665Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata6.5
- CVE-2021-45042In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions...4.9
- CVE-2021-43998HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity an...6.5
- CVE-2021-42135HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have mo...8.1
- CVE-2021-41802HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s pol...2.9
Product normalization is registry-driven with AI assist and human review. How it works