hashicorp

Top products

The 15 most recently published vulnerabilities affecting hashicorp.

• CVE-2026-7474Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution8.8May 12, 2026
• CVE-2026-8052Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack6.0May 12, 2026
• CVE-2026-6959Nomad vulnerable to arbitrary file read/write on client host through symlink attack6.0May 12, 2026
• CVE-2026-5061Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack4.7May 12, 2026
• CVE-2026-7776Boundary Workers Vulnerable to Denial of Service During TLS Handshake7.5May 4, 2026
• CVE-2026-5807Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations7.5Apr 17, 2026
• CVE-2026-4525Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header7.5Apr 17, 2026
• CVE-2026-5052Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS5.3Apr 17, 2026
• CVE-2026-3605Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service8.1Apr 17, 2026
• CVE-2026-4660Go-getter may allow to arbitrary filesystem reads through git operations7.5Apr 9, 2026
• CVE-2026-2808Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider6.8Mar 11, 2026
• CVE-2026-0969Arbitrary code execution in React server-side rendering of untrusted MDX content8.8Feb 12, 2026
• CVE-2025-13357Vault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method7.4Nov 21, 2025
• CVE-2025-13432Terraform Enterprise state versions can be created by users with specific permissions without sufficient write access4.3Nov 21, 2025
• CVE-2025-11374Consul's KV endpoint is vulnerable to denial of service6.5Oct 28, 2025