CVE-2026-4525

HIGH7.5EPSS 0.03%

HashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization

發布日:2026/4/17修改日:2026/4/21

也稱為:GHSA-72gw-fmmr-c4r4BIT-vault-2026-4525

描述

If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

受影響套件(2)

Bitnami/vault>= 0.10.0, < 2.0.0
Go/github.com/hashicorp/vault>= 0.11.2, <= 1.21.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-4525
PATCHhttps://github.com/hashicorp/vault
WEBhttps://discuss.hashicorp.com/t/hcsec-2026-07-vault-may-expose-tokens-to-auth-plugins-due-to-incorrect-header-sanitization/77344