JustAppSec
Severity: HIGH · CVSS 3.1 base score: 7.5 · Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2026-4525

Last updated Apr 17, 2026 · Published Apr 17, 2026


Description

When a Vault auth mount is configured to pass through the "Authorization" request header, and that same "Authorization" header is the one used to authenticate to Vault, Vault forwarded the caller's Vault token to the auth plugin backend along with the request, so the plugin received a credential it was never meant to see (CWE-201, sensitive information inserted into sent data). The exposure requires both conditions: the passthrough configuration on the mount and a caller authenticating via the Authorization header. Fixed in Vault 2.0.0, 1.21.5, 1.20.10, and 1.19.16.
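The description gives two things a practitioner wants to check: which auth mounts pass through the Authorization header, and whether the running build is in a fixed release. The following audit helper is an added example, not part of the CVE record or HashiCorp's own tooling. It assumes the mount listing comes from Vault's `GET /v1/sys/auth` endpoint (equivalently `vault auth list -detailed`), where the per-mount `config` object carries the `passthrough_request_headers` tune option; the sample response below is constructed, not captured from a real cluster. The version check treats only the branches the advisory names as fixable, and conservatively reports any other 1.x branch as not known to be fixed.

```python
"""Audit helper for CVE-2026-4525 (added example, not HashiCorp code).

Flags Vault auth mounts whose passthrough_request_headers include
"Authorization" and checks a Vault version string against the fixed releases
named in the advisory (2.0.0, 1.21.5, 1.20.10, 1.19.16).
"""
import json
import re

# Constructed sample of a `GET /v1/sys/auth` response body. Only the "oidc/"
# mount passes through the Authorization header (header names compare
# case-insensitively, so "authorization" still counts).
SAMPLE_SYS_AUTH = json.dumps({
    "data": {
        "token/": {
            "type": "token",
            "config": {"default_lease_ttl": 0, "max_lease_ttl": 0},
        },
        "oidc/": {
            "type": "oidc",
            "config": {
                "default_lease_ttl": 0,
                "max_lease_ttl": 0,
                "passthrough_request_headers": ["authorization", "X-Forwarded-For"],
            },
        },
        "jwt/": {
            "type": "jwt",
            "config": {
                "default_lease_ttl": 0,
                "max_lease_ttl": 0,
                "passthrough_request_headers": ["X-Custom-Header"],
            },
        },
    }
})

# Minimum patch level per 1.x minor branch, taken from the advisory.
# 2.0.0 and later are handled separately as fixed.
FIXED_IN_BRANCH = {19: 16, 20: 10, 21: 5}


def parse_version(version):
    """Parse 'v1.21.5' / '1.21.5+ent' into (major, minor, patch)."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Vault version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_fixed(version):
    """True if the version is at or above a fixed release from the advisory.

    Assumption: 1.x branches not named in the advisory (e.g. 1.18) are
    reported as not fixed, since no fixed release is listed for them.
    """
    major, minor, patch = parse_version(version)
    if major >= 2:
        return True
    if major != 1:
        return False
    min_patch = FIXED_IN_BRANCH.get(minor)
    if min_patch is None:
        return False
    return patch >= min_patch


def authorization_passthrough_mounts(sys_auth_json):
    """Return auth mount paths that pass through the Authorization header."""
    body = json.loads(sys_auth_json)
    # Vault returns the mount map under "data"; older clients may see it at
    # the top level, so accept both shapes.
    mounts = body.get("data", body)
    hits = []
    for path, info in mounts.items():
        config = info.get("config") or {}
        headers = config.get("passthrough_request_headers") or []
        if any(h.lower() == "authorization" for h in headers):
            hits.append(path)
    return sorted(hits)


def audit(version, sys_auth_json):
    """Combine both checks; exposed_mounts is empty when nothing needs attention."""
    mounts = authorization_passthrough_mounts(sys_auth_json)
    fixed = is_fixed(version)
    return {
        "version": version,
        "fixed": fixed,
        "passthrough_mounts": mounts,
        "exposed_mounts": [] if fixed else mounts,
    }


if __name__ == "__main__":
    print(json.dumps(audit("1.21.4", SAMPLE_SYS_AUTH), indent=2))
```

On a live cluster, feed the script the output of `vault read -format=json sys/auth` and the version from `vault status`. Because the description ties the exposure to the passthrough configuration, an unfixed build with no Authorization passthrough on any auth mount is not exposed by this bug; a fixed build with the passthrough still configured is no longer exposed, but the listing is still worth reviewing, since forwarding the Authorization header to a plugin is rarely needed.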

Affected products

  • HashiCorp Vault
  • HashiCorp Vault Enterprise

Mappings

CWE

CWE-201: Insertion of Sensitive Information Into Sent Data

CAPEC

CAPEC-118: Collect and Analyze Information

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms
