CVE-2026-5052

EUVD-2026-23344
Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
hashicorpvault
1.14.0 ≤
𝑥
< 1.19.16
hashicorpvault
1.14.0 ≤
𝑥
< 2.0.0
hashicorpvault
1.20.0 ≤
𝑥
< 1.20.10
hashicorpvault
1.21.0 ≤
𝑥
< 1.21.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://discuss.hashicorp.com/t/hcsec-2026-06-vault-vulnerable-to-server-side-request-forgery-in-acme-challenge-validation-via-attacker-controlled-dns/77343