Latest vulnerabilities for "hashicorp vault enterprise"

Where

Sort:

HashiCorp VaultVault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Risk 31

Severity

7.5

EPSS

0.02%

First published (updated )

CVE-2026-5807

HashiCorp VaultVault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

Risk 34

Severity

8.6

EPSS

0.01%

First published (updated )

CVE-2026-5052

HashiCorp VaultVault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

Risk 60

Severity

8.1

First published (updated )

CVE-2026-3605

HashiCorp VaultVault Vulnerable to Denial of Service Due to Rate Limit Regression

Risk 43

Severity

7.5

First published (updated )

CVE-2025-12044

HashiCorp VaultVault AWS auth method bypass due to AWS client cache

Risk 60

Severity

8.1

First published (updated )

CVE-2025-11621

HashiCorp VaultVault unauthenticated denial of service through complex json payload

Risk 43

Severity

7.5

First published (updated )

CVE-2025-6203

HashiCorp VaultVault LDAP MFA Enforcement Bypass When Using Username As Alias

Risk 60

Severity

8.1

First published (updated )

CVE-2025-6013

HashiCorp VaultVault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates

Risk 61

Severity

6.8

First published (updated )

CVE-2025-6037

HashiCorp VaultVault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login

Risk 56

Severity

8.8

EPSS

0.04%

First published (updated )

CVE-2025-3879

HashiCorp VaultVault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin

Risk 27

Severity

6.5

EPSS

0.03%

First published (updated )

CVE-2025-4166

HashiCorp Vault EnterpriseVault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node

Risk 29

Severity

5.5

First published (updated )

CVE-2024-2877

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Trending

HashiCorp VaultVault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

HashiCorp VaultVault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

HashiCorp VaultVault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

HashiCorp VaultVault Vulnerable to Denial of Service Due to Rate Limit Regression

HashiCorp VaultVault AWS auth method bypass due to AWS client cache

Don't miss critical vulnerabilities

HashiCorp VaultVault unauthenticated denial of service through complex json payload

HashiCorp VaultVault LDAP MFA Enforcement Bypass When Using Username As Alias

HashiCorp VaultVault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates

HashiCorp VaultVault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login

HashiCorp VaultVault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin

Don't miss critical vulnerabilities

HashiCorp Vault EnterpriseVault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node

Company

Resources

Contact