CVE-2026-5807

EPSS 0.03%
Veröffentlicht 17.04.2026 03:22:13
Zuletzt bearbeitet 27.04.2026 15:03:39
Quelle security@hashicorp.com
CVE-Watchlists
Login
Unerledigt
Login

Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This vulnerability, CVE-2026-5807, is fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hashicorp ≫ Vault SwEdition- Version < 2.0.0

Hashicorp ≫ Vault SwEditionenterprise Version < 2.0.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@hashicorp.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulnerable-to-denial-of-service-via-unauthenticated-root-token-generation-rekey-operations/77345

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-5807

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-5807

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-5807

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-5807