hashicorp
208 tracked vulnerabilities.
CVE-2026-14896
MEDIUM
Nomad vulnerable to cross-namespace host volume claim deletion
Jul 08, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-14891
HIGH
Nomad vulnerable to sandbox escape in Docker task driver
Jul 08, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-14373
HIGH
Nomad Docker driver Linux host namespace bypass
Jul 08, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-14361
MEDIUM
Consul-template is vulnerable to path redirection in writeToFile through symlink attack
Jul 08, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-14362
MEDIUM
Denial of service via crafted push/pull gossip message in memberlist
Jul 08, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-14468
HIGH
Path traversal allows arbitrary file read in Terraform Enterprise container
Jul 06, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-5051
MEDIUM
Audit Log Plugin Directory Guard Bypass via Legacy path Option
Jul 01, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-8052
MEDIUM
Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack
May 12, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-7474
HIGH
Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution
May 12, 2026
CVSS 8.8
EPSS 0.07
CVE-2026-6959
MEDIUM
Nomad vulnerable to arbitrary file read/write on client host through symlink attack
May 12, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-5061
MEDIUM
Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
May 12, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-7776
HIGH
Boundary Workers Vulnerable to Denial of Service During TLS Handshake
May 04, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-5807
HIGH
Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations
Apr 17, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-5052
MEDIUM
Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS
Apr 17, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-4525
HIGH
Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header
Apr 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-3605
HIGH
Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service
Apr 17, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-4660
HIGH
Go-getter may allow to arbitrary filesystem reads through git operations
Apr 09, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-2808
MEDIUM
HashiCorp Consul 1.18.20-1.21.10/1.22.4 - Info Disclosure
Mar 12, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-0969
HIGH
next-mdx-remote 4.3.0-5.9.9 - Remote Code Execution via MDX Content Deserialization
Feb 12, 2026
CVSS 8.8
EPSS 0.01
CVE-2025-13432
MEDIUM
Terraform 1.0.0-1.0.3 - Incorrect Authorization in State Version Creation
Nov 21, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-13357
HIGH
HashiCorp Vault Terraform Provider < 5.5.0 - Insecure Default LDAP Authentication Configuration
Nov 21, 2025
CVSS 7.4
EPSS 0.01
CVE-2025-11375
MEDIUM
Consul < 1.18.12, 1.19.0-1.21.5, 1.22.0 - Denial of Service via Event Endpoint
Oct 28, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-11374
MEDIUM
Consul < 1.22.0 - Denial of Service via KV Endpoint Content Length Header
Oct 28, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-12044
HIGH
HashiCorp Vault 1.16.25-1.16.26, 1.20.3-1.20.4 - Unauthenticated Denial of Service via JSON Payload Processing
Oct 23, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-11621
HIGH
HashiCorp Vault 0.6.0-1.16.26, 1.17.0-1.20.4, 1.21.0 - Authentication Bypass via AWS Auth Method Cache Mishandling
Oct 23, 2025
CVSS 8.1
EPSS 0.00
Products
vault 72
nomad 38
consul 36
go-getter 10
vagrant_vmware_fusion 7
boundary 6
Nomad 5
Nomad Enterprise 5
Vault 5
Vault Enterprise 5
terraform 5
terraform_enterprise 5
Tooling 4
vagrant 4
Shared library 3
Consul 2
Consul Enterprise 2
go-slug 2
sentinel 2
terraform_provider 2
Boundary 1
Boundary Enterprise 1
Terraform Enterprise 1
consul-template 1
consul_docker_image 1
consul_template 1
go-retryablehttp 1
hermes 1
nomad-driver-exec2 1
packer 1
Quick Filters