CVE 4.4 MEDIUM

Audit Log Plugin Directory Guard Bypass via Legacy path Option_CVE-2026-5051

4.4 / 10
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Description

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used.

This vulnerability (CVE-2026-5051) is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17.

Basic Information

ID CVE-2026-5051
Source HashiCorp
Published Jul 1, 2026 at 17:10
Modified Jul 1, 2026 at 17:54

Affected Product

Vendor HashiCorp
Product Vault
Version 1.20.1
Affected Versions HashiCorp Vault 1.20.1
HashiCorp Vault Enterprise 1.19.0

CWE Classification

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.