Known Vulnerabilities for Vault by HashiCorp
Listed below are 10 of the newest known vulnerabilities associated with "Vault" by "HashiCorp".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-43913 json | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-43912 json | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_use... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42602 json | azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azur... | Not Provided | 2026-05-13 | 2026-05-14 |
| CVE-2026-42278 json | UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTr... | Not Provided | 2026-05-08 | 2026-05-08 |
| CVE-2026-39946 json | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges o... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-39388 json | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authenticat... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-34976 json | Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the ... | Not Provided | 2026-04-06 | 2026-04-07 |
| CVE-2026-33472 json | Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in C... | Not Provided | 2026-04-16 | 2026-04-20 |
| CVE-2026-9152 json | A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index op... | Not Provided | 2026-05-21 | 2026-05-21 |
| CVE-2026-8903 json | The Two-factor authentication (formerly IP Vault) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ver... | Not Provided | 2026-05-27 | 2026-05-27 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hashicorp | Vault | 1.7.0 | |||
| Application | Hashicorp | Vault | 1.7.0 | |||
| Application | Hashicorp | Vault | 1.6.3 | |||
| Application | Hashicorp | Vault | 1.6.3 | |||
| Application | Hashicorp | Vault | 1.6.2 | |||
| Application | Hashicorp | Vault | 1.6.2 | |||
| Application | Hashicorp | Vault | 1.6.1 | |||
| Application | Hashicorp | Vault | 1.6.1 | |||
| Application | Hashicorp | Vault | 1.6.0 | |||
| Application | Hashicorp | Vault | 1.6.0 | |||
| Application | Hashicorp | Vault | 1.5.7 | |||
| Application | Hashicorp | Vault | 1.5.7 | |||
| Application | Hashicorp | Vault | 1.5.6 | |||
| Application | Hashicorp | Vault | 1.5.6 | |||
| Application | Hashicorp | Vault | 1.5.5 | |||
| Application | Hashicorp | Vault | 1.5.5 | |||
| Application | Hashicorp | Vault | 1.5.4 | |||
| Application | Hashicorp | Vault | 1.5.4 | |||
| Application | Hashicorp | Vault | 1.5.3 | |||
| Application | Hashicorp | Vault | 1.5.3 |