Denial of Service Vulnerability in HashiCorp Vault
CVE-2026-5807

7.5HIGH

Key Information:

Vendor: Hashicorp
Status: Vault; Vault Enterprise
Vendor: CVE Published:; 17 April 2026

What is CVE-2026-5807?

HashiCorp Vault is susceptible to a denial-of-service condition where an unauthenticated attacker can misuse the root token generation and rekey operations. By continuously initiating or canceling these operations, the attacker monopolizes the operation slot, blocking legitimate users from finalizing their tasks. This flaw underscores the importance of securing access to Vault to ensure operational continuity. Users are advised to upgrade to Vault Community Edition 2.0.0 or Vault Enterprise 2.0.0, where this issue has been addressed.

Affected Version(s)

Vault 64 bit 0 < 2.0.0

Vault Enterprise 64 bit 0 < 2.0.0.

References

https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulne...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 8, 2026

CVE-2026-5807 Data

JSON

Hashicorp

What is CVE-2026-5807?

Affected Version(s)

References

CVSS V3.1

Timeline