Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how hashicorp compares to other vendors in security performance

View Risk Score →

Accurics TerrascanSSRF

Risk 49
Severity
9.2
First published (updated )
CVE-2026-47357

HashiCorp NomadNomad vulnerable to path traversal in dynamic host volume which may lead to code execution

Risk 56
Severity
8.8
EPSS
0.04%
First published (updated )
CVE-2026-7474

HashiCorp Nomad exec2 task driverNomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack

Risk 24
Severity
6
EPSS
0.03%
First published (updated )
CVE-2026-8052

HashiCorp NomadNomad vulnerable to arbitrary file read/write on client host through symlink attack

Risk 24
Severity
6
EPSS
0.01%
First published (updated )
CVE-2026-6959

HashiCorp consul-templateConsul-template vulnerable to sandbox path bypass in file helper via a symlink attack

Risk 28
Severity
4.7
First published (updated )
CVE-2026-5061
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

HashiCorp BoundaryBoundary Workers Vulnerable to Denial of Service During TLS Handshake

Risk 31
Severity
7.5
EPSS
0.04%
First published (updated )
CVE-2026-7776

HashiCorp Terraform 1.15End of life details

First published (updated )
EOL-terraform-1.15

HashiCorp Nomad 2.0End of life details

First published (updated )
EOL-nomad-2.0

HashiCorp VaultVault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Risk 31
Severity
7.5
EPSS
0.02%
First published (updated )
CVE-2026-5807

HashiCorp VaultVault Token Leaked to Backends via Authorization: Bearer Passthrough Header

Risk 79
Severity
8.8
First published (updated )
CVE-2026-4525
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

HashiCorp VaultVault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

Risk 34
Severity
8.6
EPSS
0.01%
First published (updated )
CVE-2026-5052

HashiCorp VaultVault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

Risk 60
Severity
8.1
First published (updated )
CVE-2026-3605

HashiCorp Vault 2.0End of life details

First published (updated )
EOL-hashicorp-vault-2.0

go/github.com/hashicorp/consulConsul vulnerable to arbitrary file reads through the vault kubernetes authentication provider

Risk 37
Severity
6.8
First published (updated )
CVE-2026-2808

HashiCorp Jenkins HashiCorp Vault PluginJenkins HashiCorp Vault Plugin 371.v884a_4dd60fb_6 and earlier does not set the appropriate context …

Risk 24
Severity
4.3
First published (updated )
CVE-2025-67642
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

HashiCorp Vault Terraform ProviderVault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method

Risk 86
Severity
9.8
First published (updated )
CVE-2025-13357

HashiCorp TerraformTerraform Enterprise state versions can be created by users with specific permissions without sufficient write access

Risk 22
Severity
4.3
First published (updated )
CVE-2025-13432

HashiCorp Terraform 1.14End of life details

First published (updated )
EOL-terraform-1.14

HashiCorp Nomad 1.11End of life details

First published (updated )
EOL-nomad-1.11

HashiCorp ConsulConsul's KV endpoint is vulnerable to denial of service

Risk 38
Severity
6.5
First published (updated )
CVE-2025-11374
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

HashiCorp ConsulConsul's event endpoint is vulnerable to denial of service

Risk 38
Severity
6.5
First published (updated )
CVE-2025-11375

HashiCorp Consul 1.22End of life details

First published (updated )
EOL-consul-1.22

HashiCorp VaultVault Vulnerable to Denial of Service Due to Rate Limit Regression

Risk 43
Severity
7.5
First published (updated )
CVE-2025-12044

HashiCorp VaultVault AWS auth method bypass due to AWS client cache

Risk 60
Severity
8.1
First published (updated )
CVE-2025-11621

HashiCorp Vault 1.21Reached end of life

EOL
Apr 13, 2026
First published (updated )
EOL-hashicorp-vault-1.21
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

HashiCorp VaultVault unauthenticated denial of service through complex json payload

Risk 43
Severity
7.5
First published (updated )
CVE-2025-6203

HashiCorp Terraform 1.13Reached end of life

EOL
Apr 29, 2026
First published (updated )
EOL-terraform-1.13

HashiCorp go-getterHashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack

Risk 31
Severity
7.5
EPSS
0.02%
First published (updated )
CVE-2025-8959

HashiCorp VaultVault LDAP MFA Enforcement Bypass When Using Username As Alias

Risk 60
Severity
8.1
First published (updated )
CVE-2025-6013

HashiCorp VaultVault Login MFA Bypass of Rate Limiting and TOTP Code Reuse

Risk 33
Severity
5.7
First published (updated )
CVE-2025-6015
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203