Security

Topic	Replies	Views	Activity
About HashiCorp security updates	0	13160	October 8, 2020
HCSEC-2026-11 - Boundary Workers Vulnerable to Denial of Service During TLS Handshake security-boundary	0	128	May 4, 2026
HCSEC-2026-10 - Updates to HashiCorp subprocessors	0	53	April 27, 2026
HCSEC-2026-09 - Remediation and Improved Secret Management for GitHub Webhook Secret Exposure security-terraform	0	368	April 20, 2026
HCSEC-2026-08 - Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations security-vault	0	587	April 17, 2026
HCSEC-2026-07 - Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization security-vault	0	435	April 17, 2026
HCSEC-2026-06 - Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS security-vault	0	406	April 17, 2026
HCSEC-2026-05 - Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service security-vault	0	733	April 17, 2026
HCSEC-2026-04 - Go-getter may allow to arbitrary filesystem reads through git operations	0	270	April 9, 2026
HCSEC-2026-03 - HashiCorp GPG Key (72D7468F) Update	0	2108	March 12, 2026
HCSEC-2026-02 - Consul Vulnerable to Arbitrary File Reads Through the Vault Kubernetes Authentication Provider security-consul	0	340	March 11, 2026
HCSEC-2026-01 - Arbitrary code execution in React server-side rendering of untrusted MDX content	0	6860	February 12, 2026
HCSEC-2025-33 - Vault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method security-vault , security-terraform	0	1398	November 21, 2025
HCSEC-2025-34 - Terraform Enterprise state versions can be created by users without sufficient write access security-terraform	0	541	November 21, 2025
HCSEC-2025-29 - Consul's KV endpoint is vulnerable to denial of service security-consul	0	880	October 28, 2025
HCSEC-2025-28 - Consul's event endpoint is vulnerable to denial of service security-consul	0	768	October 28, 2025
HCSEC-2025-32 - Incomplete Fix For Previous Vault DoS Issue security-vault	0	471	October 23, 2025
HCSEC-2025-31- Vault Vulnerable to Denial of Service Due to Rate Limit Regression security-vault	0	1908	October 23, 2025
HCSEC-2025-30 - Vault AWS Auth Method Authentication Bypass Through Mishandling of Cache Entries security-vault	0	1650	October 23, 2025
HCSEC-2025-25 - Updates to HashiCorp subprocessors	0	253	September 30, 2025
HCSEC-2025-24 - Vault Denial of Service Though Complex JSON Payloads security-vault	0	2685	August 28, 2025
HCSEC-2025-23 - HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack	0	1317	August 15, 2025
HCSEC-2025-22 - Multiple Vulnerabilities Impacting HashiCorp Vault and Vault Enterprise security-vault	0	5862	August 6, 2025
HCSEC-2025-21 - Vault User Enumeration in Userpass Auth Method security-vault	1	1848	February 13, 2026
HCSEC-2025-20 - Vault LDAP MFA Enforcement Bypass When Using Username As Alias security-vault	0	2053	August 6, 2025
HCSEC-2025-19 - Vault Login MFA Bypass of Rate Limiting and TOTP Token Reuse security-vault	0	1452	August 1, 2025
HCSEC-2025-18 - Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates security-vault	0	1468	August 1, 2025
HCSEC-2025-17 - Vault TOTP Secrets Engine Code Reuse security-vault	0	1496	August 1, 2025
HCSEC-2025-16 - Vault Userpass and LDAP User Lockout Bypass security-vault	0	1703	August 1, 2025
HCSEC-2025-15 - Timing Side-Channel in Vault’s Userpass Auth Method security-vault	0	1490	August 1, 2025