Known Vulnerabilities for Vault by HashiCorp
Listed below are 10 of the newest known vulnerabilities associated with "Vault" by "HashiCorp".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-43913 | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-43912 | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_use... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42278 | UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTr... | Not Provided | 2026-05-08 | 2026-05-08 |
| CVE-2026-39946 | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges o... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-39388 | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authenticat... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-34976 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the ... | Not Provided | 2026-04-06 | 2026-04-07 |
| CVE-2026-33472 | Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in C... | Not Provided | 2026-04-16 | 2026-04-20 |
| CVE-2026-6706 | Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read d... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-5807 | Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root... | Not Provided | 2026-04-17 | 2026-04-17 |
| CVE-2026-5052 | Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This m... | Not Provided | 2026-04-17 | 2026-04-17 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hashicorp | Vault | 1.7.0 | |||
| Application | Hashicorp | Vault | 1.7.0 | |||
| Application | Hashicorp | Vault | 1.6.3 | |||
| Application | Hashicorp | Vault | 1.6.3 | |||
| Application | Hashicorp | Vault | 1.6.2 | |||
| Application | Hashicorp | Vault | 1.6.2 | |||
| Application | Hashicorp | Vault | 1.6.1 | |||
| Application | Hashicorp | Vault | 1.6.1 | |||
| Application | Hashicorp | Vault | 1.6.0 | |||
| Application | Hashicorp | Vault | 1.6.0 | |||
| Application | Hashicorp | Vault | 1.5.7 | |||
| Application | Hashicorp | Vault | 1.5.7 | |||
| Application | Hashicorp | Vault | 1.5.6 | |||
| Application | Hashicorp | Vault | 1.5.6 | |||
| Application | Hashicorp | Vault | 1.5.5 | |||
| Application | Hashicorp | Vault | 1.5.5 | |||
| Application | Hashicorp | Vault | 1.5.4 | |||
| Application | Hashicorp | Vault | 1.5.4 | |||
| Application | Hashicorp | Vault | 1.5.3 | |||
| Application | Hashicorp | Vault | 1.5.3 | |||