Security

Topic	Replies	Views	Activity
About HashiCorp security updates	0	13304	October 8, 2020
HCSEC-2026-15 - Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution security-nomad	0	345	May 12, 2026
HCSEC-2026-14 - Nomad arbitrary file read/write on client host through symlink attack security-nomad	0	175	May 12, 2026
HCSEC-2026-13 - Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack security-nomad	0	184	May 12, 2026
HCSEC-2026-12 - Consul-template vulnerable to sandbox path bypass in file helper through symlink attack security-consul	0	183	May 12, 2026
HCSEC-2026-11 - Boundary Workers Vulnerable to Denial of Service During TLS Handshake security-boundary	0	249	May 4, 2026
HCSEC-2026-10 - Updates to HashiCorp subprocessors	0	64	April 27, 2026
HCSEC-2026-09 - Remediation and Improved Secret Management for GitHub Webhook Secret Exposure security-terraform	0	413	April 20, 2026
HCSEC-2026-08 - Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations security-vault	0	847	April 17, 2026
HCSEC-2026-07 - Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization security-vault	0	571	April 17, 2026
HCSEC-2026-06 - Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS security-vault	0	610	April 17, 2026
HCSEC-2026-05 - Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service security-vault	0	922	April 17, 2026
HCSEC-2026-04 - Go-getter may allow to arbitrary filesystem reads through git operations	0	343	April 9, 2026
HCSEC-2026-03 - HashiCorp GPG Key (72D7468F) Update	0	2313	March 12, 2026
HCSEC-2026-02 - Consul Vulnerable to Arbitrary File Reads Through the Vault Kubernetes Authentication Provider security-consul	0	439	March 11, 2026
HCSEC-2026-01 - Arbitrary code execution in React server-side rendering of untrusted MDX content	0	7922	February 12, 2026
HCSEC-2025-33 - Vault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method security-vault , security-terraform	0	1434	November 21, 2025
HCSEC-2025-34 - Terraform Enterprise state versions can be created by users without sufficient write access security-terraform	0	556	November 21, 2025
HCSEC-2025-29 - Consul's KV endpoint is vulnerable to denial of service security-consul	0	947	October 28, 2025
HCSEC-2025-28 - Consul's event endpoint is vulnerable to denial of service security-consul	0	806	October 28, 2025
HCSEC-2025-32 - Incomplete Fix For Previous Vault DoS Issue security-vault	0	507	October 23, 2025
HCSEC-2025-31- Vault Vulnerable to Denial of Service Due to Rate Limit Regression security-vault	0	1944	October 23, 2025
HCSEC-2025-30 - Vault AWS Auth Method Authentication Bypass Through Mishandling of Cache Entries security-vault	0	1689	October 23, 2025
HCSEC-2025-25 - Updates to HashiCorp subprocessors	0	264	September 30, 2025
HCSEC-2025-24 - Vault Denial of Service Though Complex JSON Payloads security-vault	0	2741	August 28, 2025
HCSEC-2025-23 - HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack	0	1334	August 15, 2025
HCSEC-2025-22 - Multiple Vulnerabilities Impacting HashiCorp Vault and Vault Enterprise security-vault	0	5944	August 6, 2025
HCSEC-2025-21 - Vault User Enumeration in Userpass Auth Method security-vault	1	1875	February 13, 2026
HCSEC-2025-20 - Vault LDAP MFA Enforcement Bypass When Using Username As Alias security-vault	0	2079	August 6, 2025
HCSEC-2025-19 - Vault Login MFA Bypass of Rate Limiting and TOTP Token Reuse security-vault	0	1482	August 1, 2025