github.com/hashicorp/vault
Go55 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/hashicorp/vaultpage 2 of 2
- CVE-2025-6203HIGHCVSS 7.5EG 7.5✓ Fixed in 1.20.32025-08-28
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine…
- CVE-2026-3605HIGHCVSS 8.1EG 8.12026-04-17
An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user …
- CVE-2026-4525HIGHCVSS 8.8EG 7.52026-04-17
If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, a…
- CVE-2026-5052MEDIUMCVSS 5.3EG 5.32026-04-17
Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixe…
- CVE-2026-5807HIGHCVSS 7.5EG 7.52026-04-17
Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate o…
Check whether github.com/hashicorp/vault is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/hashicorp/vault CVEs against the assets you own.
Start Free Scan →