Known Vulnerabilities for Vault Enterprise by HashiCorp
Listed below are 9 of the newest known vulnerabilities associated with "Vault Enterprise" by "HashiCorp".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-11429 json | Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads ... | Not Provided | 2026-06-05 | 2026-06-09 |
| CVE-2026-11419 json | A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validati... | Not Provided | 2026-06-05 | 2026-06-05 |
| CVE-2026-11414 json | A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because t... | Not Provided | 2026-06-05 | 2026-06-09 |
| CVE-2026-9152 json | A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index op... | Not Provided | 2026-05-21 | 2026-05-21 |
| CVE-2026-5807 json | Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root... | Not Provided | 2026-04-17 | 2026-06-30 |
| CVE-2026-5052 json | Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This m... | Not Provided | 2026-04-17 | 2026-04-17 |
| CVE-2026-5051 json | HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory... | Not Provided | 2026-07-01 | 2026-07-01 |
| CVE-2026-3605 json | An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were n... | Not Provided | 2026-04-17 | 2026-06-30 |
| CVE-2013-1609 json | Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec... | Not Provided | 2013-03-26 | 2026-05-22 |