Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

HashiCorp — Vulnerabilities & Security Advisories 88

Browse all 88 CVE security advisories affecting HashiCorp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by HashiCorp:VaultNomadConsulShared libraryVault EnterpriseBoundaryToolingTerraform EnterpriseNomad EnterpriseVagrantgo-getterTerraform
CVE IDTitleCVSSSeverityPublished
CVE-2026-5807 Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations — VaultCWE-770 7.5 High2026-04-17
CVE-2026-4525 Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header — VaultCWE-201 7.5 High2026-04-17
CVE-2026-5052 Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS — VaultCWE-918 5.3 Medium2026-04-17
CVE-2026-3605 Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service — VaultCWE-288 8.1 High2026-04-17
CVE-2026-4660 Go-getter may allow to arbitrary filesystem reads through git operations — ToolingCWE-200 7.5 High2026-04-09
CVE-2026-2808 Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider — ConsulCWE-59 6.8 Medium2026-03-11
CVE-2026-0969 Arbitrary code execution in React server-side rendering of untrusted MDX content — Shared libraryCWE-94 8.8 High2026-02-12
CVE-2025-13357 Vault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method — ToolingCWE-1188 7.4 High2025-11-21
CVE-2025-13432 Terraform Enterprise state versions can be created by users with specific permissions without sufficient write access — Terraform EnterpriseCWE-863 4.3 Medium2025-11-21
CVE-2025-11374 Consul's KV endpoint is vulnerable to denial of service — ConsulCWE-770 6.5 Medium2025-10-28
CVE-2025-11375 Consul's event endpoint is vulnerable to denial of service — ConsulCWE-770 6.5 Medium2025-10-28
CVE-2025-12044 Vault Vulnerable to Denial of Service Due to Rate Limit Regression — VaultCWE-770 7.5 High2025-10-23
CVE-2025-11621 Vault AWS auth method bypass due to AWS client cache — VaultCWE-288 8.1 High2025-10-23
CVE-2025-6203 Vault unauthenticated denial of service through complex json payload — VaultCWE-770 7.5 High2025-08-28
CVE-2025-8959 HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack — Shared libraryCWE-59 7.5 High2025-08-15
CVE-2025-6013 Vault LDAP MFA Enforcement Bypass When Using Username As Alias — VaultCWE-156 6.5 Medium2025-08-06
CVE-2025-6015 Vault Login MFA Bypass of Rate Limiting and TOTP Code Reuse — VaultCWE-307 5.7 Medium2025-08-01
CVE-2025-6011 Timing Side-Channel in Vault’s Userpass Auth Method — VaultCWE-203 3.7 Low2025-08-01
CVE-2025-6004 Vault Userpass and LDAP User Lockout Bypass — VaultCWE-307 5.3 Medium2025-08-01
CVE-2025-6037 Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates — VaultCWE-295 6.8 Medium2025-08-01
CVE-2025-6014 Vault TOTP Secrets Engine Code Reuse — VaultCWE-156 6.5 Medium2025-08-01
CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse — VaultCWE-94 9.1 Critical2025-08-01
CVE-2025-5999 Vault Root Namespace Operator May Elevate Token Privileges — VaultCWE-266 7.2 High2025-08-01
CVE-2025-4656 Vault Vulnerable to Recovery Key Cancellation Denial of Service — VaultCWE-1088 3.1 Low2025-06-25
CVE-2025-4922 Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job — NomadCWE-266 8.1 High2025-06-11
CVE-2025-3744 Nomad Vulnerable To Violation Of Mandatory Sentinel Policies in Nomad Job Submissions via Policy Override — Nomad EnterpriseCWE-266 7.6 High2025-05-13
CVE-2025-3879 Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login — VaultCWE-863 6.6 Medium2025-05-02
CVE-2025-4166 Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin — VaultCWE-209 4.5 Medium2025-05-02
CVE-2025-1296 Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs — NomadCWE-532 6.5 Medium2025-03-10
CVE-2025-1293 HashiCorp Hermes Improperly Validates AWS ALB JWTs, which May Lead to Authentication Bypass — ToolingCWE-1390 8.2 High2025-02-20

This page lists every published CVE security advisory associated with HashiCorp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.