hashicorp
201 tracked vulnerabilities.
CVE-2026-8052
MEDIUM
Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack
May 12, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-7474
HIGH
Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution
May 12, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-6959
MEDIUM
Nomad vulnerable to arbitrary file read/write on client host through symlink attack
May 12, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-5061
MEDIUM
Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
May 12, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-7776
HIGH
Boundary Workers Vulnerable to Denial of Service During TLS Handshake
May 04, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-5807
HIGH
Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations
Apr 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-5052
MEDIUM
Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS
Apr 17, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-4525
HIGH
Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header
Apr 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-3605
HIGH
Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service
Apr 17, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-4660
HIGH
Go-getter may allow arbitrary filesystem reads through git operations
Apr 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-2808
MEDIUM
HashiCorp Consul 1.18.20-1.21.10/1.22.4 - Info Disclosure
Mar 12, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-0969
HIGH
next-mdx-remote 4.3.0-5.9.9 - Remote Code Execution via MDX Content Deserialization
Feb 12, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-13432
MEDIUM
Terraform 1.0.0-1.0.3 - Incorrect Authorization in State Version Creation
Nov 21, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-13357
HIGH
HashiCorp Vault Terraform Provider < 5.5.0 - Insecure Default LDAP Authentication Configuration
Nov 21, 2025
CVSS 7.4
EPSS 0.00
CVE-2025-11375
MEDIUM
Consul < 1.18.12, 1.19.0-1.21.5, 1.22.0 - Denial of Service via Event Endpoint
Oct 28, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-11374
MEDIUM
Consul < 1.22.0 - Denial of Service via KV Endpoint Content Length Header
Oct 28, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-12044
HIGH
HashiCorp Vault 1.16.25-1.16.26, 1.20.3-1.20.4 - Unauthenticated Denial of Service via JSON Payload Processing
Oct 23, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-11621
HIGH
HashiCorp Vault 0.6.0-1.16.26, 1.17.0-1.20.4, 1.21.0 - Authentication Bypass via AWS Auth Method Cache Mishandling
Oct 23, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-6203
HIGH
HashiCorp Vault 1.15.0-1.16.26, 1.17.0-1.20.2 - Denial of Service via Complex JSON Payloads
Aug 28, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-8959
HIGH
HashiCorp go-getter < 1.7.9 - Unauthorized Read Access via Symlink Attack
Aug 15, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-6013
MEDIUM
Vault 1.10.0-1.15.15, 1.16.0-1.19.7, 1.20.0-1.20.1 - MFA Enforcement Bypass via LDAP Username Alias Whitespace
Aug 06, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-6037
MEDIUM
HashiCorp Vault < 1.20.1, 1.19.7, 1.18.12, 1.16.23 - Improper Certificate Validation in TLS Certificate Auth Method
Aug 01, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-6015
MEDIUM
HashiCorp Vault 1.10.0-1.16.22, 1.17.0-1.19.6, 1.20.0 - Authentication Bypass via MFA Bypass
Aug 01, 2025
CVSS 5.7
EPSS 0.00
CVE-2025-6014
MEDIUM
HashiCorp Vault < 1.20.1 - TOTP Secrets Engine Code Reuse
Aug 01, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-6011
LOW
HashiCorp Vault < 1.20.1 and 1.16.23 - Timing Side Channel in Userpass Auth Method
Aug 01, 2025
CVSS 3.7
EPSS 0.00
Products
vault 72
nomad 38
consul 36
go-getter 10
vagrant_vmware_fusion 7
boundary 6
terraform 5
terraform_enterprise 5
Vault 4
Vault Enterprise 4
vagrant 4
Tooling 3
Consul 2
Consul Enterprise 2
Nomad 2
Nomad Enterprise 2
Shared library 2
go-slug 2
sentinel 2
terraform_provider 2
Boundary 1
Boundary Enterprise 1
consul-template 1
consul_docker_image 1
consul_template 1
go-retryablehttp 1
hermes 1
nomad-driver-exec2 1
packer 1
retryablehttp 1