May 12, 2026

HCSEC-2026-15CVE-2026-7474

HCSEC-2026-15 - Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

May 12, 2026

HCSEC-2026-14CVE-2026-6959

HCSEC-2026-14 - Nomad arbitrary file read/write on client host through symlink attack

May 12, 2026

HCSEC-2026-13CVE-2026-8052

HCSEC-2026-13 - Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack

May 12, 2026

HCSEC-2026-12CVE-2026-5061

HCSEC-2026-12 - Consul-template vulnerable to sandbox path bypass in file helper through symlink attack

May 4, 2026

HCSEC-2026-11CVE-2026-7776

HCSEC-2026-11 - Boundary Workers Vulnerable to Denial of Service During TLS Handshake

Apr 27, 2026

HCSEC-2026-10Disclosed before NVD

HCSEC-2026-10 - Updates to HashiCorp subprocessors

Apr 20, 2026

HCSEC-2026-09Disclosed before NVD

HCSEC-2026-09 - Remediation and Improved Secret Management for GitHub Webhook Secret Exposure

Apr 17, 2026

HCSEC-2026-08CVE-2026-5807

HCSEC-2026-08 - Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Apr 17, 2026

HCSEC-2026-07CVE-2026-4525

HCSEC-2026-07 - Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization

Apr 17, 2026

HCSEC-2026-06CVE-2026-5052

HCSEC-2026-06 - Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

Apr 17, 2026

HCSEC-2026-05CVE-2026-3605

HCSEC-2026-05 - Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

Apr 9, 2026

HCSEC-2026-04CVE-2026-4660

HCSEC-2026-04 - Go-getter may allow to arbitrary filesystem reads through git operations

Mar 12, 2026

HCSEC-2026-03Disclosed before NVD

HCSEC-2026-03 - HashiCorp GPG Key (72D7468F) Update

Mar 11, 2026

HCSEC-2026-02CVE-2026-2808

HCSEC-2026-02 - Consul Vulnerable to Arbitrary File Reads Through the Vault Kubernetes Authentication Provider

Feb 12, 2026

HCSEC-2026-01CVE-2026-0969

HCSEC-2026-01 - Arbitrary code execution in React server-side rendering of untrusted MDX content

Nov 21, 2025

HCSEC-2025-33CVE-2025-13357

HCSEC-2025-33 - Vault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method

Nov 21, 2025

HCSEC-2025-34CVE-2025-13432

HCSEC-2025-34 - Terraform Enterprise state versions can be created by users without sufficient write access

Oct 28, 2025

HCSEC-2025-29CVE-2025-11374

HCSEC-2025-29 - Consul's KV endpoint is vulnerable to denial of service

Oct 28, 2025

HCSEC-2025-28CVE-2025-11375

HCSEC-2025-28 - Consul's event endpoint is vulnerable to denial of service

Oct 23, 2025

HCSEC-2025-32CVE-2025-6203

HCSEC-2025-32 - Incomplete Fix For Previous Vault DoS Issue

Oct 23, 2025

HCSEC-2025-31CVE-2025-12044

HCSEC-2025-31- Vault Vulnerable to Denial of Service Due to Rate Limit Regression

Oct 23, 2025

HCSEC-2025-30CVE-2025-11621

HCSEC-2025-30 - Vault AWS Auth Method Authentication Bypass Through Mishandling of Cache Entries

Sep 30, 2025

HCSEC-2025-25Disclosed before NVD

HCSEC-2025-25 - Updates to HashiCorp subprocessors

Aug 28, 2025

HCSEC-2025-24CVE-2025-6203

HCSEC-2025-24 - Vault Denial of Service Though Complex JSON Payloads

Aug 15, 2025

HCSEC-2025-23CVE-2025-8959

HCSEC-2025-23 - HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack