PT-2026-33398 · Hashicorp · Vault

Oleh Konko · Published 2026-04-16 · Updated 2026-04-27 · CVE-2026-4525

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

HashiCorp Vault versions prior to 2.0.0
HashiCorp Vault versions prior to 1.21.5
HashiCorp Vault versions prior to 1.20.10
HashiCorp Vault versions prior to 1.19.16

Description

When a Vault auth mount is configured to pass through the 'Authorization' header, and that same header is also the one used to authenticate to Vault itself, Vault forwards the caller's Vault token to the auth plugin backend, disclosing the token to that backend.

Recommendations

Update to version 2.0.0
Update to version 1.21.5
Update to version 1.20.10
Update to version 1.19.16

Related Identifiers

BDU:2026-05665
BIT-VAULT-2026-4525
CVE-2026-4525
GHSA-72GW-FMMR-C4R4

Affected Products

Vault