Zero Day Monitor (ZDM)
Zero Day Monitor © 2026

CVE-2026-4525 · CVSS 7.5 · Exploited · Patched
Vendor: hashi · Product: vault

Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header

Description

If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is also used to authenticate to Vault, Vault forwards the caller's Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

Affected Products

Vendor: hashi
Product: vault
Versions: 0.11.2

References

  • https://discuss.hashicorp.com/t/hcsec-2026-07-vault-may-expose-tokens-to-auth-plugins-due-to-incorrect-header-sanitization/77344

Related News (1 article)

  • Tier C · VulDB · 13h ago
    CVE-2026-4525 | HashiCorp Vault/Vault Enterprise up to 1.21.0 Header Authorization insertion of sensitive information into sent data
    → No new info (linked only)

CVSS 3.1: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA KEV: No
Actively exploited: Yes
Patch available: 2.0.0
CWE: CWE-201
Published: Apr 17, 2026
Last enriched: 12h ago (v2)
Trending Score: 49
Source articles: 1
Independent: 1
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

  • HIGH · CVE-2026-3605 · EXP
    Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service
    Trending: 49
  • MEDIUM · CVE-2026-5052
    Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS
    Trending: 43
  • HIGH · CVE-2026-5807
    Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations
    Trending: 35
  • PRE-CVE
    Vault KVv2 Metadata and Secret Deletion Policy Bypass and Server-Side Request Forgery Vulnerabilities
    Trending: 20
  • HIGH · CVE-2026-4660
    Go-getter may allow arbitrary filesystem reads through git operations
    Trending: 9

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 17, 2026
Discovered by ZDM: Apr 17, 2026
Updated (description, affectedVersions, severity, activelyExploited): Apr 17, 2026
Actively Exploited: Apr 17, 2026
Patch Available: Apr 17, 2026

Version History

v2 · Tier C · 12h ago (last enriched 12h ago) · via VulDB
Updated description with new details, changed vendor to 'hashicorp', added product 'vault enterprise', included new affected version '1.21.0', updated severity to 'MEDIUM', and marked as actively exploited.
Changed fields: description, affectedVersions, severity, activelyExploited

v1 · 14h ago
Initial creation