Server-Side Request Forgery (SSRF) in Vault and Vault Enterprise - CVE-2026-5052


Published: April 17, 2026


Vulnerability identifier: #VU126410
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Green
CVE-ID: CVE-2026-5052
CWE-ID: CWE-918
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: HashiCorp
Affected software:
Vault
Vault Enterprise

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper restriction of server-side request targets in the PKI secrets engine's ACME server. When validating http-01 and tls-alpn-01 challenges, Vault connects to whatever address the challenge hostname resolves to; because the attacker controls DNS for that hostname, the name can be pointed at loopback or local-network addresses. A remote attacker can therefore cause Vault to send challenge validation requests to local network targets and disclose sensitive information.

Depending on the Vault configuration, the ACME challenge endpoint is either unauthenticated or requires an External Account Binding (EAB) token. In the unauthenticated case no Vault credentials are needed to trigger the requests, which matches the PR:N in the CVSS vector above.
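The defensive pattern that closes this class of bug (CWE-918 in an ACME validator) is to resolve the challenge hostname yourself, reject any answer that lands on the host's own network, and then dial the pinned address rather than the name. The following Go program is an added example written for this page; it is not Vault's code or HashiCorp's fix. The function names, the `Resolver` type and the `SampleRecords` table are constructed for illustration, and the DNS answers in the table stand in for attacker-controlled records.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/netip"
	"time"
)

// ErrDisallowedTarget is returned when a challenge hostname resolves to an
// address the validator must never contact (loopback, RFC 1918 / ULA,
// link-local including the cloud metadata range, multicast, unspecified).
var ErrDisallowedTarget = errors.New("acme challenge target resolves to a disallowed address")

// Resolver abstracts DNS so the policy can be exercised offline.
// Production code would pass NetResolver; tests pass StaticResolver.
type Resolver func(ctx context.Context, host string) ([]netip.Addr, error)

// NetResolver performs a real A/AAAA lookup with the system resolver.
func NetResolver(ctx context.Context, host string) ([]netip.Addr, error) {
	return net.DefaultResolver.LookupNetIP(ctx, "ip", host)
}

// StaticResolver builds a Resolver from a fixed table (constructed sample data).
func StaticResolver(table map[string][]string) Resolver {
	return func(_ context.Context, host string) ([]netip.Addr, error) {
		raw, ok := table[host]
		if !ok {
			return nil, fmt.Errorf("no such host: %s", host)
		}
		out := make([]netip.Addr, 0, len(raw))
		for _, s := range raw {
			out = append(out, netip.MustParseAddr(s))
		}
		return out, nil
	}
}

// SampleRecords is constructed sample data standing in for DNS zones the
// attacker controls; none of these names or addresses come from the advisory.
var SampleRecords = map[string][]string{
	"public.example":   {"203.0.113.10"},
	"internal.example": {"10.0.0.5"},
	"metadata.example": {"169.254.169.254"},
	"mapped.example":   {"::ffff:127.0.0.1"},
	"mixed.example":    {"203.0.113.10", "127.0.0.1"},
}

// IsDisallowed reports whether an address points into the server's own
// host or network rather than the public internet.
func IsDisallowed(a netip.Addr) bool {
	a = a.Unmap() // treat ::ffff:a.b.c.d as the IPv4 address it wraps
	return a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() ||
		a.IsLinkLocalMulticast() || a.IsInterfaceLocalMulticast() ||
		a.IsMulticast() || a.IsUnspecified()
}

// ResolveChallengeTarget resolves the identifier from an http-01 or
// tls-alpn-01 challenge and returns one address that is safe to dial.
// Every answer must pass the policy: an attacker who mixes one public
// record with one internal record would otherwise win on the fallback.
func ResolveChallengeTarget(ctx context.Context, host string, r Resolver) (netip.Addr, error) {
	addrs, err := r(ctx, host)
	if err != nil {
		return netip.Addr{}, err
	}
	if len(addrs) == 0 {
		return netip.Addr{}, fmt.Errorf("%s: no addresses", host)
	}
	for _, a := range addrs {
		if IsDisallowed(a) {
			return netip.Addr{}, fmt.Errorf("%s -> %s: %w", host, a, ErrDisallowedTarget)
		}
	}
	return addrs[0].Unmap(), nil
}

// DialPinned connects to the already-validated address instead of letting
// the dialer resolve the hostname again, which closes the DNS-rebinding
// window between the check and the connection.
func DialPinned(ctx context.Context, addr netip.Addr, port uint16) (net.Conn, error) {
	d := net.Dialer{Timeout: 5 * time.Second}
	return d.DialContext(ctx, "tcp", netip.AddrPortFrom(addr, port).String())
}

func main() {
	r := StaticResolver(SampleRecords)
	for _, h := range []string{"public.example", "internal.example", "metadata.example", "mapped.example", "mixed.example"} {
		addr, err := ResolveChallengeTarget(context.Background(), h, r)
		if err != nil {
			fmt.Println("reject:", err)
			continue
		}
		fmt.Println("allow: ", h, "->", addr)
	}
}
```

Two details matter in practice. The policy rejects if any answer is disallowed, not just the first, because a validator that falls back to the next record after a failed connection would otherwise be steered from a public decoy to the internal address. And the connection is made to the pinned address with `DialPinned`; the original hostname is still what goes into the HTTP `Host` header or TLS SNI, so the challenge semantics are unchanged while the network target is fixed at check time.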


How to mitigate CVE-2026-5052

Install the security update from the vendor's website. Where the update cannot be applied immediately, requiring External Account Binding for ACME accounts (the PKI engine's eab_policy setting) removes the unauthenticated path described above, but it does not restrict where challenge validation requests are sent and is not a substitute for the fix.

Sources