CVE-2026-4525 is a high-severity vulnerability in HashiCorp Vault that may expose tokens to auth plugins due to incorrect header sanitization. The vulnerability has a CVSS score of 7.5 and is considered HIGH. It was published on April 17, 2026, and modified on June 30, 2026. The vulnerability affects HashiCorp Vault versions prior to 2.0.0, 1.21.5, 1.20.10, and 1.19.16. HashiCorp has released fixed versio [truncated]
CVE-2026-3605 is a high-severity vulnerability in HashiCorp Vault, allowing authenticated users to delete secrets they are not authorized to access, resulting in a denial-of-service. This vulnerability, with a CVSS score of 8.1, was fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16. The vulnerability did not allow malicious users to delete secrets across names [truncated]
CVE-2026-4660 is a vulnerability in HashiCorp's go-getter library up to version 1.8.5 that may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. The vulnerability is fixed in go-getter version 1.8.6. This vulnerability does not affect the go-getter/v2 branch and package. The CVSS score for this vulnerability is 7.5, indicating a high severity. T [truncated]