CVE-2026-4525
Modified
Modified - Updated After Analysis
Authorization Header Token Disclosure in HashiCorp Vault Auth Mount
Vulnerability report for CVE-2026-4525, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-17
Last updated on: 2026-06-30
Assigner: HashiCorp Inc.
Description
Description
If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hashicorp | vault | From 1.20.0 (inc) to 1.20.10 (exc) |
| hashicorp | vault | From 1.21.0 (inc) to 1.21.5 (exc) |
| hashicorp | vault | From 0.11.2 (inc) to 2.0.0 (exc) |
| hashicorp | vault | From 0.11.2 (inc) to 1.19.16 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |