Known Vulnerabilities for products from HashiCorp
Listed below are 20 of the newest known vulnerabilities associated with the vendor "HashiCorp".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39946 json | Not Provided | 2026-04-21 | 2026-04-21 | |
| CVE-2026-39388 json | Not Provided | 2026-04-21 | 2026-04-21 | |
| CVE-2026-8052 json | Not Provided | 2026-05-12 | 2026-05-12 | |
| CVE-2026-7474 json | Not Provided | 2026-05-12 | 2026-05-12 | |
| CVE-2026-6959 json | Not Provided | 2026-05-12 | 2026-05-12 | |
| CVE-2026-5807 json | Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root... | Not Provided | 2026-04-17 | 2026-04-27 |
| CVE-2026-5052 json | Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This m... | Not Provided | 2026-04-17 | 2026-04-27 |
| CVE-2026-4660 json | Not Provided | 2026-04-09 | 2026-04-13 | |
| CVE-2026-4525 json | If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to aut... | Not Provided | 2026-04-17 | 2026-04-27 |
| CVE-2026-3605 json | An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were n... | Not Provided | 2026-04-17 | 2026-04-25 |
| CVE-2023-25000 json | HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timin... | 4.7 - MEDIUM | 2023-03-30 | 2023-05-26 |
| CVE-2023-24999 json | HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy... | 8.1 - HIGH | 2023-03-11 | 2023-05-05 |
| CVE-2023-5954 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-11-09 | 2023-11-16 |
| CVE-2023-5834 json | HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introduc... | 7.8 - HIGH | 2023-10-27 | 2023-11-13 |
| CVE-2023-5332 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.1 - HIGH | 2023-12-04 | 2023-12-07 |
| CVE-2023-5077 json | The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions up... | 7.5 - HIGH | 2023-09-29 | 2023-10-02 |
| CVE-2023-4782 json | Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted T... | 7.8 - HIGH | 2023-09-08 | 2023-09-12 |
| CVE-2023-4680 json | HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with c... | 6.8 - MEDIUM | 2023-09-15 | 2023-09-20 |
| CVE-2023-3775 json | A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can... | 4.9 - MEDIUM | 2023-09-29 | 2023-10-02 |
| CVE-2023-3774 json | An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in de... | 4.9 - MEDIUM | 2023-07-28 | 2023-08-03 |
Known software with vulnerabilities from HashiCorp
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Hashicorp | Boundary | 0.1.0 |
| Application | Hashicorp | Consul | 0.1.0 |
| Application | Hashicorp | Consul Docker Image | 0.6.4 |
| Application | Hashicorp | Go-slug | 0.1.0 |
| Application | Hashicorp | Nomad | 0.0.0 |
| Application | Hashicorp | Packer | 0.1.0 |
| Application | Hashicorp | Sentinel | 0.1.0 |
| Application | Hashicorp | Terraform | 0.1.0 |
| Application | Hashicorp | Terraform Enterprise | 202007-1 |
| Application | Hashicorp | Vagrant | 5.0.1 |
| Application | Hashicorp | Vagrant Vmware Fusion | 2.3.5 |
| Application | Hashicorp | Vault | 0.1.0 |
| Application | Hashicorp | Vault-ssh-helper | - |
| Application | Hashicorp | Waypoint | 0.0.1 |