Known Vulnerabilities for Vault by Hashicorp
Listed below are 10 of the newest known vulnerabilities associated with "Vault" by "Hashicorp".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39946 | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges o... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-39388 | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authenticat... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-34976 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the ... | Not Provided | 2026-04-06 | 2026-04-07 |
| CVE-2026-33472 | Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in C... | Not Provided | 2026-04-16 | 2026-04-20 |
| CVE-2026-5807 | Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root... | Not Provided | 2026-04-17 | 2026-04-17 |
| CVE-2026-5052 | Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This m... | Not Provided | 2026-04-17 | 2026-04-17 |
| CVE-2026-4525 | If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to aut... | Not Provided | 2026-04-17 | 2026-04-17 |
| CVE-2026-3605 | An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were n... | Not Provided | 2026-04-17 | 2026-04-17 |
| CVE-2023-25000 | HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timin... | 4.7 - MEDIUM | 2023-03-30 | 2023-05-26 |
| CVE-2023-24999 | HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy... | 8.1 - HIGH | 2023-03-11 | 2023-05-05 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hashicorp | Vault | 1.7.0 | | | |
| Application | Hashicorp | Vault | 1.7.0 | | | |
| Application | Hashicorp | Vault | 1.6.3 | | | |
| Application | Hashicorp | Vault | 1.6.3 | | | |
| Application | Hashicorp | Vault | 1.6.2 | | | |
| Application | Hashicorp | Vault | 1.6.2 | | | |
| Application | Hashicorp | Vault | 1.6.1 | | | |
| Application | Hashicorp | Vault | 1.6.1 | | | |
| Application | Hashicorp | Vault | 1.6.0 | | | |
| Application | Hashicorp | Vault | 1.6.0 | | | |
| Application | Hashicorp | Vault | 1.5.7 | | | |
| Application | Hashicorp | Vault | 1.5.7 | | | |
| Application | Hashicorp | Vault | 1.5.6 | | | |
| Application | Hashicorp | Vault | 1.5.6 | | | |
| Application | Hashicorp | Vault | 1.5.5 | | | |
| Application | Hashicorp | Vault | 1.5.5 | | | |
| Application | Hashicorp | Vault | 1.5.4 | | | |
| Application | Hashicorp | Vault | 1.5.4 | | | |
| Application | Hashicorp | Vault | 1.5.3 | | | |
| Application | Hashicorp | Vault | 1.5.3 | | | |