Hashicorp Security Vulnerabilities (CVEs)

The Vault Terraform Provider incorrectly set the deny_null_bind parameter to false by default for LDAP authentication, potentially allowing authentica...

In Terraform Enterprise, users with specific but insufficient permissions can create state versions in workspaces, potentially allowing infrastructure...

Consul's key/value endpoint is vulnerable to denial of service due to incorrect Content Length header validation. Attackers can send malformed request...

Consul's event endpoint is vulnerable to denial of service (DoS) attacks due to lack of validation on Content-Length headers, allowing attackers to se...

Vault and Vault Enterprise are vulnerable to unauthenticated denial of service attacks when processing JSON payloads due to a regression in rate limit...

This vulnerability allows authentication bypass in HashiCorp Vault's AWS Auth method when the bound_principal_iam role is identical across AWS account...

CVE-2025-6203 is a denial-of-service vulnerability in HashiCorp Vault where specially crafted JSON payloads can cause excessive memory and CPU consump...

CVE-2025-8959 is a symlink attack vulnerability in HashiCorp's go-getter library that allows attackers to read files outside the intended download dir...

This vulnerability allows attackers to bypass multi-factor authentication (MFA) rate limiting and reuse TOTP tokens in HashiCorp Vault, potentially en...

The Vault TLS certificate authentication method fails to properly validate client certificates when configured with non-CA certificates as trusted cer...

A privileged Vault operator with write permissions to the root namespace's identity endpoint can escalate token privileges to Vault's root policy, gra...

The Vault TOTP secrets engine code validation endpoint allows time-based one-time password codes to be reused within their validity period. This affec...

This vulnerability in Nomad's ACL policy lookup system can cause incorrect rule application and shadowing, potentially allowing unauthorized access to...

CVE-2025-4166 allows sensitive information exposure in Vault server and audit logs when users submit malformed payloads during secret creation or upda...

Nomad audit logs unintentionally expose sensitive workload identity tokens and client secret tokens. This allows attackers with access to audit logs t...

CVE-2025-1293 is an authentication bypass vulnerability in Hermes versions up to 0.4.0 that improperly validates AWS ALB JWTs, potentially allowing un...

This vulnerability allows attackers to bypass ACL policies in Nomad event streams configured with wildcard namespaces, enabling unauthorized read acce...

HashiCorp's go-slug library is vulnerable to a zip-slip attack when extracting tar archives with non-existing user-provided paths. This allows attacke...

This vulnerability allows attackers to cause denial-of-service through memory exhaustion by sending excessive requests to Vault's Raft cluster join AP...

This vulnerability allows a Vault operator with write permissions to the root namespace's identity endpoint to escalate their own or another user's pr...

This vulnerability allows an attacker with access to a Nomad client agent to write files outside the intended allocation directory during archive unpa...

This vulnerability allows attackers to escape the intended directory structure during archive unpacking in Nomad migrations, potentially writing files...

CVE-2024-6257 is a vulnerability in HashiCorp's go-getter library where an attacker can manipulate Git configuration files to execute arbitrary code d...

CVE-2024-6104 is an information disclosure vulnerability in go-retryablehttp where URLs containing HTTP basic authentication credentials are written t...

Boundary and Boundary Enterprise are vulnerable to session hijacking through TLS certificate tampering. Attackers with specific privileges can craft T...

HashiCorp Vault versions 1.12.0 and newer are vulnerable to denial of service through memory exhaustion when processing large HTTP requests. Attackers...

This vulnerability in HashiCorp Vault's Google Cloud secrets engine removes existing IAM Conditions when creating or updating rolesets, potentially gr...

This vulnerability allows users with service:write permissions in Consul to modify Envoy proxy configurations for downstream services they don't own. ...

This vulnerability in HashiCorp Vault's PKI mount allows unauthorized users to delete or modify PKI issuer metadata, potentially causing denial of ser...

This vulnerability in HashiCorp Nomad allows job submitters to escalate privileges to management-level access using workload identity and task API fea...

This vulnerability in the go-getter library allows attackers to perform path traversal, symlink processing, and command injection attacks, potentially...

This vulnerability in go-getter library causes a panic (crash) when processing password-protected ZIP files. It affects applications using go-getter u...

CVE-2021-44139 is a Server-Side Request Forgery (SSRF) vulnerability in Sentinel 1.8.2 that allows attackers to make unauthorized requests from the vu...

This vulnerability in HashiCorp Nomad allows attackers to submit specially crafted HCL job configurations to the jobs parse endpoint, causing excessiv...

HashiCorp Terraform Enterprise versions v202112-1 through v202201-2 log inbound HTTP requests in a way that may capture sensitive data like credential...

This vulnerability allows operators with read-fs and alloc-exec (or job-submit) capabilities in HashiCorp Nomad to read arbitrary files on the host fi...

This vulnerability allows authenticated users with job submission capabilities in HashiCorp Nomad to bypass configured allowed image paths when using ...

This vulnerability allows non-server agents in HashiCorp Nomad clusters to access server-only Raft RPC functionality, enabling privilege escalation. A...

This vulnerability in HashiCorp Consul's Envoy proxy allows TLS connections to bypass service identity validation. Attackers could potentially interce...

HashiCorp Vault and Vault Enterprise had a vulnerability where tokens or dynamic secret leases within 1 second of expiration could be renewed and inco...

HashiCorp Vault's Cassandra integrations failed to validate TLS certificates when connecting to Cassandra clusters, allowing man-in-the-middle attacks...

This vulnerability allows attackers to bypass audit logging in HashiCorp Consul Enterprise by sending specifically crafted HTTP events. This affects C...

HashiCorp Vault Enterprise versions 1.6.0 and 1.6.1 allow unauthenticated execution of the 'remove-peer' raft operator command on DR (Disaster Recover...