CVE-2026-5052
A flaw was found in Vault’s PKI engine. The ACME Automated Certificate Management Environment validation process did not properly restrict requests to local network targets when handling http-01 and tls-alpn-01 challenges. This vulnerability, known as Server-Side Request Forgery SSRF, could allow...