CVE-2026-5807

Published: Apr 17, 2026 Last Modified: Apr 17, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This vulnerability, CVE-2026-5807, is fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0.

770

Allocation of Resources Without Limits or Throttling

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability

Potential Impacts:

Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulnera…

https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulnerable-to-denial-of-ser…

CVE-2026-5807

Description

Allocation of Resources Without Limits or Throttling

Common Consequences

Applicable Platforms

Iscriviti alla newsletter