SecAlerts
CVE ListPricingSign Up
HashiCorp logo

HashiCorp

Security Risk Profile

41
/100
medium

Security Risk Score

Comprehensive risk assessment based on 312 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from August 2, 2017 to present

312
Total CVEs
120
Critical+High
1
Exploited
54
Unpatched

Threat Assessment

Avg CVSS
7.2
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
54
Critical/High
Risk Level
41/100
medium
⚠️ 1 Active Exploits🆕 1Fresh (<7d)📈 7 in Last 30 Days

Severity Distribution

Critical
22
High
98
Medium
77
Low
5

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
25

Age Distribution

Common Weaknesses (CWE)

1
Path Traversal
10
2
Input Validation
7
3
SSRF
4
4
XSS
4
5
Command Injection
4

Most Affected Products

1. HashiCorp Vault322
2. HashiCorp Nomad181
3. Hashicorp Consul137
4. go/github.com/hashicorp/vault78
5. go/github.com/hashicorp/consul33

Recent Vulnerabilities

See more →
CVE-2026-47357
CVSS 9.2critical
5/19/2026🔧 No Patch
CVE-2026-7474
CVSS 8.8EPSS 0%high

Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

5/12/2026🔧 No Patch
CVE-2026-8052
CVSS 6.0EPSS 0%medium

Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack

5/12/2026🔧 No Patch
CVE-2026-6959
CVSS 6.0EPSS 0%medium

Nomad vulnerable to arbitrary file read/write on client host through symlink attack

5/12/2026🔧 No Patch
CVE-2026-5061
CVSS 4.7medium

Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

5/12/2026🔧 No Patch
CVE-2026-7776
CVSS 7.5EPSS 0%high

Boundary Workers Vulnerable to Denial of Service During TLS Handshake

5/4/2026🔧 No Patch
EOL-terraform-1.15
unknown
4/29/2026
EOL-nomad-2.0
unknown
4/21/2026
CVE-2026-5807
CVSS 7.5EPSS 0%high

Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

4/17/2026🔧 No Patch
CVE-2026-4525
CVSS 8.8high

Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header

4/17/2026🔧 No Patch

Monitor HashiCorp in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.