GHSA-rx9v-2fjr-mhx5MediumCVSS 4.4

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not...

Published
July 1, 2026
Last Modified
July 1, 2026

🔗 CVE IDs covered (1)

📋 Description

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used.

This vulnerability (CVE-2026-5051) is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17.

🔗 References (3)