PT-2026-33406 · HashiCorp · Vault Enterprise +1
Atuin Automated Vulnerability Discovery Engine +1 · Published 2026-04-17 · Updated 2026-04-27
CVE-2026-5807
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Vault Community Edition versions prior to 2.0.0
Vault Enterprise versions prior to 2.0.0
Description
An unauthenticated attacker can cause a denial-of-service condition by repeatedly initiating or canceling root token generation or rekey operations. This action occupies the single in-progress operation slot, which prevents legitimate operators from completing these specific workflows.
Recommendations
Update Vault Community Edition to version 2.0.0.
Update Vault Enterprise to version 2.0.0.
Fix
DoS
Allocation of Resources Without Limits
Affected Products
Vault Community Edition
Vault Enterprise