CVE-2026-4525
Authorization Header Token Disclosure in HashiCorp Vault Auth Mount
Publication date: 2026-04-17
Last updated on: 2026-04-27
Assigner: HashiCorp Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hashicorp | vault | From 1.20.0 (inc) to 1.20.10 (exc) |
| hashicorp | vault | From 1.21.0 (inc) to 1.21.5 (exc) |
| hashicorp | vault | From 0.11.2 (inc) to 2.0.0 (exc) |
| hashicorp | vault | From 0.11.2 (inc) to 1.19.16 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when a Vault authentication mount is configured to pass through the "Authorization" header, and that header is used to authenticate to Vault. In this case, Vault mistakenly forwards the Vault token contained in the "Authorization" header to the authentication plugin backend.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of Vault tokens because the tokens are forwarded to the authentication plugin backend. This could allow attackers or unauthorized parties to gain access to sensitive Vault tokens, potentially compromising confidentiality, integrity, and availability of secrets managed by Vault.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Vault to one of the fixed versions: 2.0.0, 1.21.5, 1.20.10, or 1.19.16.