PT-2026-54782 · Hashicorp · Vault+1

Vipin Chaudhary

·

Published

2026-07-01

·

Updated

2026-07-02

·

CVE-2026-5051

CVSS v3.1

4.4

Medium

VectorAV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions HashiCorp Vault versions prior to 2.0.1 HashiCorp Vault Enterprise versions prior to 2.0.1
Description Audit device validation logic fails to consistently apply plugin directory protections when the legacy file audit path option is utilized.
Recommendations Update HashiCorp Vault to version 2.0.1, 1.21.6, 1.20.11, or 1.19.17. Update HashiCorp Vault Enterprise to version 2.0.1, 1.21.6, 1.20.11, or 1.19.17.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-5051

Affected Products

Vault
Vault Enterprise