Hashicorp Vault Enterprise Vulnerabilities

Hashicorp Vault Enterprise vulnerabilities.

JSON RSS CSV 🔔 Create Alert Trigger

6 August 2025

LDAP Authentication Flaw in HashiCorp Vault and Vault Enterprise
CVE-2025-6013
HashicorpVault6.5MEDIUM

1 August 2025

MFA Bypass and Token Reuse in HashiCorp Vault and Vault Enterprise
CVE-2025-6015
HashicorpVault5.7MEDIUM
Timing Side Channel Vulnerability in Vault and Vault Enterprise
CVE-2025-6011
HashicorpVault3.7LOW
User Lockout Bypass in Vault by HashiCorp
CVE-2025-6004
HashicorpVault5.3MEDIUM
TLS Certificate Authentication Issue in HashiCorp Vault Products
CVE-2025-6037
HashicorpVault6.8MEDIUM
Code Reuse Vulnerability in HashiCorp Vault's TOTP Secrets Engine
CVE-2025-6014
HashicorpVault6.5MEDIUM
Privileged Code Execution Vulnerability in HashiCorp Vault
CVE-2025-6000
HashicorpVault9.1CRITICAL
Privilege Escalation Vulnerability in HashiCorp Vault by HashiCorp
CVE-2025-5999
HashicorpVault7.2HIGH

25 June 2025

Denial of Service Vulnerability in HashiCorp Vault Community and Enterprise Products
CVE-2025-4656
HashicorpVault3.1LOW

2 May 2025

10 October 2024

Root Privileges Escalation Vulnerability in Vault
CVE-2024-9180
HashicorpVault7.2HIGH

26 September 2024

Vault SSH secrets engine vulnerability: unauthorized access via SSH certificates
CVE-2024-7594
HashicorpVault7.5HIGH

2 September 2024

Vault Leaks AppRole Client Tokens And Accessor in Audit Log
CVE-2024-8365
HashicorpVault6.5MEDIUM

12 June 2024

Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
CVE-2024-5798
HashicorpVault2.6LOW

30 April 2024

Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node
CVE-2024-2877
HashicorpVault Enterprise5.5MEDIUM

4 April 2024

OCSP Response Validation Fix for Vault and Vault Enterprise TLS Certificates
CVE-2024-2660
HashicorpVault6.4MEDIUM

4 March 2024

Certificate Validation Bypass Vulnerability
CVE-2024-2048
HashicorpVault📈📰8.1HIGH

1 February 2024

Vault May Expose Sensitive Information When Configuring An Audit Log Device
CVE-2024-0831
HashicorpVault4.5MEDIUM

8 December 2023

Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
CVE-2023-6337
HashicorpVault7.5HIGH

9 November 2023

Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
CVE-2023-5954
HashicorpVault5.9MEDIUM

29 September 2023

15 September 2023

Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
CVE-2023-4680
HashicorpVault6.8MEDIUM

31 July 2023

Vault's LDAP Auth Method Allows for User Enumeration
CVE-2023-3462
HashicorpVault5.3MEDIUM