Security

Topic	Replies	Views	Activity
About HashiCorp security updates	0	13176	October 8, 2020
HCSEC-2026-15 - Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution security-nomad	0	115	May 12, 2026
HCSEC-2026-14 - Nomad arbitrary file read/write on client host through symlink attack security-nomad	0	92	May 12, 2026
HCSEC-2026-13 - Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack security-nomad	0	80	May 12, 2026
HCSEC-2026-12 - Consul-template vulnerable to sandbox path bypass in file helper through symlink attack security-consul	0	84	May 12, 2026
HCSEC-2026-11 - Boundary Workers Vulnerable to Denial of Service During TLS Handshake security-boundary	0	159	May 4, 2026
HCSEC-2026-10 - Updates to HashiCorp subprocessors	0	55	April 27, 2026
HCSEC-2026-09 - Remediation and Improved Secret Management for GitHub Webhook Secret Exposure security-terraform	0	377	April 20, 2026
HCSEC-2026-08 - Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations security-vault	0	622	April 17, 2026
HCSEC-2026-07 - Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization security-vault	0	453	April 17, 2026
HCSEC-2026-06 - Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS security-vault	0	432	April 17, 2026
HCSEC-2026-05 - Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service security-vault	0	778	April 17, 2026
HCSEC-2026-04 - Go-getter may allow to arbitrary filesystem reads through git operations	0	273	April 9, 2026
HCSEC-2026-03 - HashiCorp GPG Key (72D7468F) Update	0	2153	March 12, 2026
HCSEC-2026-02 - Consul Vulnerable to Arbitrary File Reads Through the Vault Kubernetes Authentication Provider security-consul	0	348	March 11, 2026
HCSEC-2026-01 - Arbitrary code execution in React server-side rendering of untrusted MDX content	0	7022	February 12, 2026
HCSEC-2025-33 - Vault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method security-vault , security-terraform	0	1400	November 21, 2025
HCSEC-2025-34 - Terraform Enterprise state versions can be created by users without sufficient write access security-terraform	0	542	November 21, 2025
HCSEC-2025-29 - Consul's KV endpoint is vulnerable to denial of service security-consul	0	889	October 28, 2025
HCSEC-2025-28 - Consul's event endpoint is vulnerable to denial of service security-consul	0	778	October 28, 2025
HCSEC-2025-32 - Incomplete Fix For Previous Vault DoS Issue security-vault	0	474	October 23, 2025
HCSEC-2025-31- Vault Vulnerable to Denial of Service Due to Rate Limit Regression security-vault	0	1912	October 23, 2025
HCSEC-2025-30 - Vault AWS Auth Method Authentication Bypass Through Mishandling of Cache Entries security-vault	0	1657	October 23, 2025
HCSEC-2025-25 - Updates to HashiCorp subprocessors	0	256	September 30, 2025
HCSEC-2025-24 - Vault Denial of Service Though Complex JSON Payloads security-vault	0	2694	August 28, 2025
HCSEC-2025-23 - HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack	0	1320	August 15, 2025
HCSEC-2025-22 - Multiple Vulnerabilities Impacting HashiCorp Vault and Vault Enterprise security-vault	0	5872	August 6, 2025
HCSEC-2025-21 - Vault User Enumeration in Userpass Auth Method security-vault	1	1852	February 13, 2026
HCSEC-2025-20 - Vault LDAP MFA Enforcement Bypass When Using Username As Alias security-vault	0	2060	August 6, 2025
HCSEC-2025-19 - Vault Login MFA Bypass of Rate Limiting and TOTP Token Reuse security-vault	0	1452	August 1, 2025