Hashicorp Latest High & Critical Vulnerabilities

Latest High & Critical vulnerabilities published by hashicorp

JSON RSS CSV 🔔 Create Alert Trigger

1 August 2025

Privileged Code Execution Vulnerability in HashiCorp Vault
CVE-2025-6000
HashicorpVault9.1CRITICAL
Privilege Escalation Vulnerability in HashiCorp Vault by HashiCorp
CVE-2025-5999
HashicorpVault7.2HIGH

11 June 2025

ACL Policy Lookup Issue in Nomad Community and Nomad Enterprise
CVE-2025-4922
HashicorpNomad8.1HIGH

13 May 2025

Bypassing Sentinel Policies in Nomad Enterprise by HashiCorp
CVE-2025-3744
HashicorpNomad Enterprise7.6HIGH

2 May 2025

Authentication Method Flaw in Vault by HashiCorp
CVE-2025-3879
HashicorpVault8.8HIGH

20 February 2025

Authentication Bypass in Hermes by HashiCorp Affecting AWS ALB Integration
CVE-2025-1293
HashicorpTooling8.2HIGH

12 February 2025

Event Stream Namespace ACL Policy Bypass in Nomad by HashiCorp
CVE-2025-0937
HashicorpNomad7.1HIGH

21 January 2025

Zip-Slip Vulnerability in HashiCorp's go-slug Library
CVE-2025-0377
HashicorpShared Library7.5HIGH

7 November 2024

Arbitrary Cross-Namespace Volume Creation Vulnerability
CVE-2024-10975
HashicorpNomad7.7HIGH

10 October 2024

Root Privileges Escalation Vulnerability in Vault
CVE-2024-9180
HashicorpVault7.2HIGH

26 September 2024

Vault SSH secrets engine vulnerability: unauthorized access via SSH certificates
CVE-2024-7594
HashicorpVault8.8HIGH

23 July 2024

Nomad Platform Vulnerable to Path Escape During Migration
CVE-2024-6717
HashicorpNomad7.7HIGH

25 June 2024

Malicious Git Configuration Execution via go-getter Library
CVE-2024-6257
HashicorpShared Library8.4HIGH

12 June 2024

Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
CVE-2024-5798
HashicorpVault7.5HIGH

17 April 2024

Git Injection Vulnerability Affects HashiCorp's go-getter Library
CVE-2024-3817
HashicorpShared Library9.8CRITICAL

4 March 2024

Certificate Validation Bypass Vulnerability
CVE-2024-2048
HashicorpVault📈📰9.8CRITICAL

8 February 2024

Nomad Client User Arbitrary File Write Vulnerability
CVE-2024-1329
HashicorpNomad7.5HIGH

5 February 2024

TLS Certificate Tampering Vulnerability in Boundary Enterprise
CVE-2024-1052
HashicorpBoundary8HIGH

8 December 2023

Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
CVE-2023-6337
HashicorpVault7.5HIGH

29 September 2023

Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
CVE-2023-5077
HashicorpVault7.5HIGH

9 August 2023

JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access
CVE-2023-3518
HashicorpConsul7.4HIGH

2 June 2023

Consul Envoy Extension Downsteam Proxy Configuration By Upstream Service Owner
CVE-2023-2816
HashicorpConsul8.7HIGH

5 April 2023

Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation
CVE-2023-1782
HashicorpNomad10CRITICAL

14 March 2023

Nomad Job Submitter Privilege Escalation Using Workload Identity
CVE-2023-1299
HashicorpNomad7.4HIGH

11 October 2022

Local Privilege Escalation Vulnerability in Hashicorp Packer on Linux
CVE-2022-42717
HashicorpVagrant7.8HIGH