Loading market data...
← Back to CVE feed

CVE-2026-5051

MEDIUM CVSS 4.4 View on NVD ↗

Description

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability (CVE-2026-5051) is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Published: Jul 01, 2026 18:16 UTC Modified: Jul 01, 2026 19:16 UTC