Information disclosure in Vault and Vault Enterprise - CVE-2026-4525

Published: April 17, 2026


Vulnerability identifier: #VU126409
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-4525
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: HashiCorp
Affected software:
Vault
Vault Enterprise

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists because the auth plugin request processing logic does not properly sanitize the "Authorization" header before forwarding it to an auth plugin backend. A remote user can send a request authenticated with the "Authorization" header to disclose sensitive information.

Exploitation requires an auth mount to be configured to pass through the "Authorization" header.
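As a defender's check for the precondition stated above, the following added script (not from the advisory or from HashiCorp) parses a mount table in the shape returned by Vault's `sys/auth` endpoint and flags auth mounts whose `passthrough_request_headers` tune setting includes Authorization; the response layout is an assumption and the sample body is constructed.

```python
"""Flag Vault auth mounts that pass the Authorization header through to the backend."""
import json

# Constructed sample of a `GET /v1/sys/auth` response body (assumption: each
# mount's "config" object carries the "passthrough_request_headers" list).
SAMPLE_SYS_AUTH = json.dumps({
    "data": {
        "token/": {"type": "token", "config": {"default_lease_ttl": 0, "max_lease_ttl": 0}},
        "oidc/": {"type": "oidc",
                  "config": {"passthrough_request_headers": ["authorization", "X-Request-Id"]}},
        "approle/": {"type": "approle",
                     "config": {"passthrough_request_headers": ["X-Forwarded-For"]}},
    }
})

HEADER = "authorization"


def mounts_passing_authorization(sys_auth_json: str) -> list[dict]:
    """Return the auth mounts whose passthrough list includes Authorization.

    Header names are compared case-insensitively because HTTP header names
    are case-insensitive and the list is operator-supplied.
    """
    body = json.loads(sys_auth_json)
    # Vault wraps the mount table in "data"; tolerate a bare mount table too.
    mounts = body.get("data", body)
    findings = []
    for path, mount in mounts.items():
        if not isinstance(mount, dict):
            continue  # skip non-mount keys such as request_id or lease_id
        config = mount.get("config") or {}
        passthrough = config.get("passthrough_request_headers") or []
        if any(h.strip().lower() == HEADER for h in passthrough):
            findings.append({"path": path,
                             "type": mount.get("type", "unknown"),
                             "passthrough_request_headers": list(passthrough)})
    return findings


if __name__ == "__main__":
    for f in mounts_passing_authorization(SAMPLE_SYS_AUTH):
        print(f"{f['path']} ({f['type']}) passes through: "
              f"{', '.join(f['passthrough_request_headers'])}")
```

Run it against the live output of `vault read -format=json sys/auth` to list the mounts on which the precondition holds; on the constructed sample only `oidc/` is flagged.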


How to mitigate CVE-2026-4525

Install the security update from the vendor's website.

Sources