All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-5051
MEDIUMpublished 2026-07-01 18:16 UTC · 3 days ago · modified 2026-07-02 17:54 UTC
4.4
CVSS / 10
// description
HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability (CVE-2026-5051) is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17.
// weaknesses (CWE)
- CWE-22