CVE-2026-4525

HIGH

Security Bulletin: Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header

Details

CVSS v3: 7.5
NVD published: 2026-04-17 04:16:09
EPSS: <0.1% probability · 5.0th percentile — 2026-05-11
Affected versions: cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:* cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:* cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:* cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*
Summary: If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16.
Remediation: Not available in our cache.
Exploit info: Not available in our cache.

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.