Vault community edition
This hub aggregates every CVE we track for Vault community edition, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.
14
CVEs tracked
1
Critical
7
High
0
In CISA KEV
Severity distribution
HIGH7MEDIUM5LOW1CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
2
1
0
6
0
2
0
0
0
0
0
3
0
0
0
2024-082026-07
Latest CVEs
The 14 most recently published vulnerabilities affecting Vault community edition.
- CVE-2026-5807Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations7.5
- CVE-2026-4525Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header7.5
- CVE-2026-3605Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service8.1
- CVE-2025-12044Vault Vulnerable to Denial of Service Due to Rate Limit Regression7.5
- CVE-2025-11621Vault AWS auth method bypass due to AWS client cache8.1
- CVE-2025-6203Vault unauthenticated denial of service through complex json payload7.5
- CVE-2025-6013Vault LDAP MFA Enforcement Bypass When Using Username As Alias6.5
- CVE-2025-6004Vault Userpass and LDAP User Lockout Bypass5.3
- CVE-2025-6037Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates6.8
- CVE-2025-6000Arbitrary Remote Code Execution via Plugin Catalog Abuse9.1
- CVE-2025-5999Vault Root Namespace Operator May Elevate Token Privileges7.2
- CVE-2025-4656Vault Vulnerable to Recovery Key Cancellation Denial of Service3.1
- CVE-2025-3879Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login6.6
- CVE-2025-4166Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin4.5
Product normalization is registry-driven with AI assist and human review. How it works