4.4
/ 10
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Description
HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used.
This vulnerability (CVE-2026-5051) is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17.
This vulnerability (CVE-2026-5051) is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17.
Basic Information
ID
CVE-2026-5051
Source
HashiCorp
Published
Jul 1, 2026 at 17:10
Modified
Jul 1, 2026 at 17:54
Affected Product
Vendor
HashiCorp
Product
Vault
Version
1.20.1
Affected Versions
HashiCorp Vault 1.20.1
HashiCorp Vault Enterprise 1.19.0
HashiCorp Vault Enterprise 1.19.0