Lucene search
+L

5 matches found

OSV
OSV
added 2026/04/21 12:15 p.m.21 views

BIT-VAULT-2026-5052 Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

8.6CVSS5.8AI score0.00332EPSS
Exploits0References2
NVD
NVD
added 2026/04/17 4:16 a.m.29 views

CVE-2026-5052

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

8.6CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added 2026/04/17 2:55 a.m.259 views

CVE-2026-5052

Vault’s PKI engine ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges, creating potential SSRF and information disclosure against internal targets. The issue affects Vault Community Edition up to 2.0.0 and Vault Enterprise up to 2.0.0, as well as 1.21.5, ...

8.6CVSS5.8AI score0.00332EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 2:55 a.m.5 views

CVE-2026-5052 Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

5.3CVSS5.8AI score0.00332EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2021/04/21 8:29 p.m.5 views

Vault’s PKI Engine CRL May Exclude Revoked But Unexpired Certificates After Tidy

Summary Vault and Vault Enterprise “Vault” PKI Secrets Engine tidy functionality may cause Vault to exclude revoked-but-unexpired certificates from the Vault CRL. This vulnerability, CVE-2021-29653, was fixed in Vault and Vault Enterprise 1.5.8, 1.6.4, and 1.7.1. Background The Vault PKI Secrets...

7.5CVSS7AI score0.00552EPSS
Exploits0Affected Software1
Rows per page
Query Builder