hashicorp

208 tracked vulnerabilities.

CVE-2026-14896 MEDIUM
Nomad vulnerable to cross-namespace host volume claim deletion
Jul 08, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-14891 HIGH
Nomad vulnerable to sandbox escape in Docker task driver
Jul 08, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-14373 HIGH
Nomad Docker driver Linux host namespace bypass
Jul 08, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-14361 MEDIUM
Consul-template is vulnerable to path redirection in writeToFile through symlink attack
Jul 08, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-14362 MEDIUM
Denial of service via crafted push/pull gossip message in memberlist
Jul 08, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-14468 HIGH
Path traversal allows arbitrary file read in Terraform Enterprise container
Jul 06, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-5051 MEDIUM
Audit Log Plugin Directory Guard Bypass via Legacy path Option
Jul 01, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-8052 MEDIUM
Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack
May 12, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-7474 HIGH
Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution
May 12, 2026
CVSS 8.8
EPSS 0.07
CVE-2026-6959 MEDIUM
Nomad vulnerable to arbitrary file read/write on client host through symlink attack
May 12, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-5061 MEDIUM
Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
May 12, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-7776 HIGH
Boundary Workers Vulnerable to Denial of Service During TLS Handshake
May 04, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-5807 HIGH
Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations
Apr 17, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-5052 MEDIUM
Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS
Apr 17, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-4525 HIGH
Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header
Apr 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-3605 HIGH
Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service
Apr 17, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-4660 HIGH
Go-getter may allow to arbitrary filesystem reads through git operations
Apr 09, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-2808 MEDIUM
HashiCorp Consul 1.18.20-1.21.10/1.22.4 - Info Disclosure
Mar 12, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-0969 HIGH
next-mdx-remote 4.3.0-5.9.9 - Remote Code Execution via MDX Content Deserialization
Feb 12, 2026
CVSS 8.8
EPSS 0.01
CVE-2025-13432 MEDIUM
Terraform 1.0.0-1.0.3 - Incorrect Authorization in State Version Creation
Nov 21, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-13357 HIGH
HashiCorp Vault Terraform Provider < 5.5.0 - Insecure Default LDAP Authentication Configuration
Nov 21, 2025
CVSS 7.4
EPSS 0.01
CVE-2025-11375 MEDIUM
Consul < 1.18.12, 1.19.0-1.21.5, 1.22.0 - Denial of Service via Event Endpoint
Oct 28, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-11374 MEDIUM
Consul < 1.22.0 - Denial of Service via KV Endpoint Content Length Header
Oct 28, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-12044 HIGH
HashiCorp Vault 1.16.25-1.16.26, 1.20.3-1.20.4 - Unauthenticated Denial of Service via JSON Payload Processing
Oct 23, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-11621 HIGH
HashiCorp Vault 0.6.0-1.16.26, 1.17.0-1.20.4, 1.21.0 - Authentication Bypass via AWS Auth Method Cache Mishandling
Oct 23, 2025
CVSS 8.1
EPSS 0.00