Vault enterprise

This hub aggregates every CVE we track for Vault enterprise, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Vault enterprise.

• CVE-2026-5807Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations7.5Apr 17, 2026
• CVE-2026-4525Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header7.5Apr 17, 2026
• CVE-2026-5052Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS5.3Apr 17, 2026
• CVE-2026-3605Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service8.1Apr 17, 2026
• CVE-2025-12044Vault Vulnerable to Denial of Service Due to Rate Limit Regression7.5Oct 23, 2025
• CVE-2025-11621Vault AWS auth method bypass due to AWS client cache8.1Oct 23, 2025
• CVE-2025-6203Vault unauthenticated denial of service through complex json payload7.5Aug 28, 2025
• CVE-2025-6013Vault LDAP MFA Enforcement Bypass When Using Username As Alias6.5Aug 6, 2025
• CVE-2025-6015Vault Login MFA Bypass of Rate Limiting and TOTP Code Reuse5.7Aug 1, 2025
• CVE-2025-6011Timing Side-Channel in Vault’s Userpass Auth Method3.7Aug 1, 2025
• CVE-2025-6004Vault Userpass and LDAP User Lockout Bypass5.3Aug 1, 2025
• CVE-2025-6037Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates6.8Aug 1, 2025
• CVE-2025-6014Vault TOTP Secrets Engine Code Reuse6.5Aug 1, 2025
• CVE-2025-6000Arbitrary Remote Code Execution via Plugin Catalog Abuse9.1Aug 1, 2025
• CVE-2025-5999Vault Root Namespace Operator May Elevate Token Privileges7.2Aug 1, 2025