CVE-2026-5807

< 2.0.0

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root toke

7.5HIGH

CVE-2026-5052

>= 1.14.0 and < 2.0.0

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may le

5.3MEDIUM

CVE-2026-4525

>= 0.11.2 and < 2.0.0

If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenti

7.5HIGH

CVE-2026-3605

>= 0.10.0 and < 2.0.0

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not au

8.1HIGH

CVE-2025-12044

>= 1.20.3 and < 1.21.0

Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. Thi

7.5HIGH

CVE-2025-11621

>= 0.6.0 and < 1.21.0

Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the config

8.1HIGH

CVE-2025-6203

>= 1.15.0 and < 1.21.0

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results

7.5HIGH

CVE-2025-6013

>= 1.10.0 and < 1.20.2

Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to

6.5MEDIUM

CVE-2025-6037

< 1.20.1

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configure

6.8MEDIUM

CVE-2025-6015

>= 1.10.0 and < 1.20.1

Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vau

5.7MEDIUM

CVE-2025-6014

< 1.20.1

Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its

6.5MEDIUM

CVE-2025-6011

< 1.20.1

A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish betw

3.7LOW

CVE-2025-6004

>= 1.13.0 and < 1.20.1

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods.

5.3MEDIUM

CVE-2025-6000

>= 0.8.0 and < 1.20.1

A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the unde

9.1CRITICAL

CVE-2025-5999

>= 0.10.4 and < 1.20.0

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another

7.2HIGH

CVE-2025-5039

>= 2026 and < 2026.0.2

A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of a

7.8HIGH

CVE-2025-4656

>= 1.14.8 and < 1.20.0

Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancell

3.1LOW

CVE-2025-3879

>= 0.10.0 and < 1.19.1

Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token,

6.6MEDIUM

CVE-2025-4166

>= 0.3.0 and < 1.19.3

Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server an

4.5MEDIUM

CVE-2025-1276

>= 2024 and < 2024.1.7

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability.

7.8HIGH

CVE-2024-8185

>= 1.2.0 and < 1.18.1

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-

7.5HIGH

CVE-2024-9180

>= 1.7.7 and < 1.18.0

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another

7.2HIGH

CVE-2024-7594

>= 1.7.7 and < 1.17.6

Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and

7.5HIGH

CVE-2024-8365

< 1.17.5

Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the c

6.2MEDIUM

CVE-2024-6468

>= 1.10.0 and < 1.15.12

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener optio

7.5HIGH

CVE-2024-5798

>= 0.11.0 and < 1.15.9

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT a

2.6LOW

CVE-2024-2877

>= 1.15.0 and < 1.15.8

Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request hea

5.5MEDIUM

CVE-2024-2660

>= 1.14.0 and < 1.16.0

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources we

6.4MEDIUM

CVE-2024-2048

< 1.14.10

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configure

8.1HIGH

CVE-2024-0831

>= 1.15.0 and < 1.15.5

Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_r

4.5MEDIUM

CVE-2023-6337

<= 1.12.0

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host

7.5HIGH

CVE-2023-5954

>= 1.13.7 and < 1.13.10

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of mem

5.9MEDIUM

CVE-2023-5077

>= 0.10.0 and < 1.13.0

The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon cr

7.6HIGH

CVE-2023-3775

>= 0.11.0 and < 1.13.8

A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be a

4.2MEDIUM

CVE-2023-4680

>= 1.6.0 and < 1.12.11

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with conver

6.8MEDIUM

CVE-2023-3462

>= 1.13.0 and < 1.13.5

HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit

5.3MEDIUM

CVE-2023-3774

all versions

An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial

4.9MEDIUM

CVE-2023-2121

< 1.11.11

Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key val

4.3MEDIUM

CVE-2023-2197

>= 1.13.0 and < 1.13.2

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the�

2.5LOW

CVE-2023-25000

< 1.11.9

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing att

5.0MEDIUM

CVE-2023-0665

< 1.11.9

HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, pot

6.5MEDIUM

CVE-2023-0620

< 1.11.9

HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the

6.5MEDIUM

CVE-2023-24999

< 1.10.11

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endp

4.4MEDIUM

CVE-2022-41316

< 1.9.10

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued b

5.3MEDIUM

CVE-2022-40186

>= 1.8.0 and < 1.9.9

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found wh

9.1CRITICAL

CVE-2022-36129

>= 1.7.0 and <= 1.9.7

HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API

9.1CRITICAL

CVE-2022-30689

>= 1.10.0 and < 1.10.3

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server resta

5.3MEDIUM

CVE-2022-25244

>= 1.7.0 and < 1.7.10

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key co

6.5MEDIUM

CVE-2022-25243

>= 1.8.0 and < 1.8.9

"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wi

6.5MEDIUM

CVE-2021-45042

>= 1.4.0 and < 1.7.7

In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated St

4.9MEDIUM

CVE-2021-43998

>= 0.11.0 and <= 1.7.5

HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created enti

6.5MEDIUM

CVE-2021-42135

>= 1.8.0 and <= 1.8.4

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the

8.1HIGH

CVE-2021-41802

< 1.7.5

HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a

2.9LOW

CVE-2021-27668

>= 0.9.2 and < 1.6.3

HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fi

5.3MEDIUM

CVE-2021-38554

< 1.8.0

HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared

5.3MEDIUM

CVE-2021-38553

>= 1.4.0 and < 1.8.0

HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated St

4.4MEDIUM

CVE-2021-32923

>= 0.10.0 and < 1.5.9

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, t

7.4HIGH

CVE-2021-32074

>= 0.1.0 and < 2.2.0

HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files beca

7.5HIGH

CVE-2021-29653

>= 1.5.1 and < 1.5.8

HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates

7.5HIGH

CVE-2021-27400

< 1.6.4

HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate

7.5HIGH

CVE-2021-3282

all versions

HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the remove-peer raft operator command to be executed against DR secondaries wit

7.5HIGH

CVE-2021-3024

< 1.5.7

HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthen

5.3MEDIUM

CVE-2020-25594

< 1.5.7

HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixe

5.3MEDIUM

CVE-2020-35453

>= 1.5.0 and < 1.5.6

HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling name

5.3MEDIUM

CVE-2020-35177

>= 1.5.0 and < 1.5.6

HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and

5.3MEDIUM

CVE-2020-35192

>= 0.6.0 and < 0.11.6

The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container d

9.8CRITICAL

CVE-2020-25816

>= 1.0.0 and < 1.4.7

HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because

6.8MEDIUM

CVE-2020-16251

>= 0.8.3 and < 1.2.5

HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to

8.2HIGH

CVE-2020-16250

>= 0.7.1 and < 1.2.5

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to

8.2HIGH

CVE-2020-24359

< 0.2.0

HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a

7.5HIGH

CVE-2020-13223

< 1.3.6

HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in

7.5HIGH

CVE-2020-12757

>= 1.4.0 and < 1.4.2

HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Cr

9.8CRITICAL

CVE-2020-10661

>= 0.11.0 and <= 1.3.3

HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path pol

9.1CRITICAL

CVE-2020-10660

>= 0.9.0 and <= 1.3.3

HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group members

5.3MEDIUM

CVE-2020-7220

>= 0.11.0 and < 1.3.2

HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a delete

7.5HIGH

CVE-2018-19786

< 1.0.0

HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorr

8.1HIGH

CVE-2015-5711

<= 2.0.0

TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.

CVE-2014-7194

<= 1.1.0

TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.

CVE-2014-2545

<= 1.0.0

TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.