8.8

CVE-2026-4525

EPSS 0.02%
Veröffentlicht 17.04.2026 03:00:47
Zuletzt bearbeitet 27.04.2026 15:02:47
Quelle security@hashicorp.com
CVE-Watchlists
Login
Unerledigt
Login

Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header

If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 4 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hashicorp ≫ Vault SwEditionenterprise Version >= 0.11.2 < 1.19.16

Hashicorp ≫ Vault SwEdition- Version >= 0.11.2 < 2.0.0

Hashicorp ≫ Vault SwEditionenterprise Version >= 1.20.0 < 1.20.10

Hashicorp ≫ Vault SwEditionenterprise Version >= 1.21.0 < 1.21.5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@hashicorp.com	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-201 Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

https://discuss.hashicorp.com/t/hcsec-2026-07-vault-may-expose-tokens-to-auth-plugins-due-to-incorrect-header-sanitization/77344

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-4525

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-4525

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-4525

EUVD