Security

Topic	Views	Activity
About HashiCorp security updates	12921	October 8, 2020
HCSEC-2026-01 - Arbitrary code execution in React server-side rendering of untrusted MDX content	1675	February 12, 2026
HCSEC-2025-33 - Vault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method security-vault , security-terraform	1265	November 21, 2025
HCSEC-2025-34 - Terraform Enterprise state versions can be created by users without sufficient write access security-terraform	496	November 21, 2025
HCSEC-2025-29 - Consul's KV endpoint is vulnerable to denial of service security-consul	710	October 28, 2025
HCSEC-2025-28 - Consul's event endpoint is vulnerable to denial of service security-consul	628	October 28, 2025
HCSEC-2025-32 - Incomplete Fix For Previous Vault DoS Issue security-vault	423	October 23, 2025
HCSEC-2025-31- Vault Vulnerable to Denial of Service Due to Rate Limit Regression security-vault	1735	October 23, 2025
HCSEC-2025-30 - Vault AWS Auth Method Authentication Bypass Through Mishandling of Cache Entries security-vault	1577	October 23, 2025
HCSEC-2025-25 - Updates to HashiCorp subprocessors	201	September 30, 2025
HCSEC-2025-24 - Vault Denial of Service Though Complex JSON Payloads security-vault	2561	August 28, 2025
HCSEC-2025-23 - HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack	1175	August 15, 2025
HCSEC-2025-22 - Multiple Vulnerabilities Impacting HashiCorp Vault and Vault Enterprise security-vault	5618	August 6, 2025
HCSEC-2025-21 - Vault User Enumeration in Userpass Auth Method security-vault	1734	August 6, 2025
HCSEC-2025-20 - Vault LDAP MFA Enforcement Bypass When Using Username As Alias security-vault	2017	August 6, 2025
HCSEC-2025-19 - Vault Login MFA Bypass of Rate Limiting and TOTP Token Reuse security-vault	1416	August 1, 2025
HCSEC-2025-18 - Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates security-vault	1429	August 1, 2025
HCSEC-2025-17 - Vault TOTP Secrets Engine Code Reuse security-vault	1461	August 1, 2025
HCSEC-2025-16 - Vault Userpass and LDAP User Lockout Bypass security-vault	1648	August 1, 2025
HCSEC-2025-15 - Timing Side-Channel in Vault’s Userpass Auth Method security-vault	1450	August 1, 2025
HCSEC-2025-14 - Privileged Vault Operator May Execute Code on the Underlying Host security-vault	5174	August 1, 2025
HCSEC-2025-13 - Vault Root Namespace Operator May Elevate Token Privileges security-vault	2291	August 1, 2025
HCSEC-2025-11 Vault Vulnerable to Recovery Key Cancellation Denial of Service security-vault	1174	June 25, 2025
HCSEC-2025-12 - Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job security-nomad	847	June 11, 2025
HCSEC-2025-10 - Update to HashiCorp Data Transfer Impact Assessment	273	May 23, 2025
HCSEC-2025-08 - Nomad Enterprise Vulnerable To Violation Of Mandatory Sentinel Policies in Job Submissions via Policy Override security-nomad	595	May 13, 2025
HCSEC-2025-09 - Vault May Expose Sensitive Information in Error Logs When Processing Malformed Data With the KV v2 Plugin security-vault	2164	May 2, 2025
HCSEC-2025-07 - Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login security-vault	1013	May 2, 2025
HCSEC-2025-06 - Updates to HashiCorp Subprocessors	339	March 31, 2025
HCSEC-2025-05 - Terraform Enterprise’s Single Sign-On and Ruby SAML’s CVE-2025-25291 and CVE-2025-25292 security-terraform	729	March 13, 2025