Vulnerabilities in HashiCorp
93 resultsCVE-2026-5807HIGHVault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey OperationsEPSS 0.5%CVE-2025-5999HIGHVault Root Namespace Operator May Elevate Token PrivilegesEPSS 0.5%CVE-2024-10975HIGHNomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write PermissionEPSS 0.5%CVE-2023-0475MEDIUMGo-Getter Vulnerable to Decompression BombsEPSS 0.5%CVE-2023-3775MEDIUMVault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of ServiceEPSS 0.5%CVE-2025-1296MEDIUMNomad Exposes Sensitive Workload Identity and Client Secret Token in Audit LogsEPSS 0.4%CVE-2024-2048HIGHVault Cert Auth Method Did Not Correctly Validate Non-CA CertificatesEPSS 0.4%CVE-2023-0690MEDIUMBoundary Workers Store Rotated Credentials in Plaintext Even When a Key Management Service ConfiguredEPSS 0.4%CVE-2023-5077HIGHVault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating RolesetsEPSS 0.4%CVE-2024-10086MEDIUMConsul Vulnerable To Reflected XSS On Content-Type Error ManipulationEPSS 0.4%CVE-2026-4660HIGHGo-getter may allow to arbitrary filesystem reads through git operationsEPSS 0.4%CVE-2023-3114MEDIUMTerraform Enterprise Agent Pool Controls Allowed Unauthorized Workspaces To Target an Agent PoolEPSS 0.4%CVE-2023-2121MEDIUMVault’s KV Diff Viewer Allowed for HTML InjectionEPSS 0.4%CVE-2025-0937HIGHNomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard NamespaceEPSS 0.4%CVE-2025-11374MEDIUMConsul's KV endpoint is vulnerable to denial of serviceEPSS 0.4%CVE-2025-11375MEDIUMConsul's event endpoint is vulnerable to denial of serviceEPSS 0.4%CVE-2024-6717HIGHNomad Vulnerable to Allocation Directory Path Escape Through Archive UnpackingEPSS 0.4%CVE-2025-6004MEDIUMVault Userpass and LDAP User Lockout BypassEPSS 0.4%CVE-2023-3518HIGHJWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for AccessEPSS 0.4%CVE-2023-0620MEDIUMVault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage BackendEPSS 0.4%