CVE-2026-4525

CVSS v3.1

7.5

High

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-201

Related Identifiers

CVE-2026-4525

Affected Products

Vault

Vault Enterprise

CVE-2026-4525

Weakness Enumeration

Related Identifiers

Affected Products

References · 2