HashiCorp Vault Denial-of-Service Vulnerability via Unauthenticated Root Token Operations

Vulnerability

A denial-of-service vulnerability has been identified in HashiCorp Vault. An unauthenticated attacker can disrupt operations by repeatedly initiating or canceling root token generation or rekey processes. This activity occupies the sole available operation slot, preventing legitimate users from completing these tasks. The issue affects Vault versions prior to 2.0.0 and is present in both the Community and Enterprise Editions.
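The churn pattern described above can be surfaced from Vault's audit log. The following Python example is added here and is not part of the advisory or of HashiCorp's code; it assumes the file audit device's JSON record layout and uses Vault's documented `sys/generate-root/attempt` and `sys/rekey/init` routes, with constructed sample records.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Vault's documented system routes whose start (PUT -> "update") and cancel
# (DELETE -> "delete") operations hold the single root-token / rekey slot.
# These endpoints are unauthenticated by design, so the signal is churn per
# source address, not a missing token.
WATCHED_PATHS = {"sys/generate-root/attempt", "sys/rekey/init"}
WATCHED_OPS = {"update", "delete"}

def parse_audit_line(line):
    """Return (timestamp, remote_address, path, operation) for a request
    record of Vault's file audit device, or None for other record types."""
    rec = json.loads(line)
    if rec.get("type") != "request":
        return None
    req = rec.get("request", {})
    ts = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
    return ts, req.get("remote_address", "?"), req.get("path", ""), req.get("operation", "")

def find_slot_churn(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {remote_address: peak_count} for sources that issued at least
    `threshold` start/cancel calls on the watched routes inside any `window`."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_audit_line(line)
        if parsed and parsed[2] in WATCHED_PATHS and parsed[3] in WATCHED_OPS:
            events[parsed[1]].append(parsed[0])
    flagged = {}
    for addr, times in events.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):  # sliding window over sorted timestamps
            while ts - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[addr] = max(flagged.get(addr, 0), end - start + 1)
    return flagged

# Constructed sample records (not real logs): one source starting and
# cancelling root-token generation six times within a minute, plus one
# ordinary rekey start from an operator host.
def _rec(t, addr, op, path):
    return json.dumps({"time": t, "type": "request",
                       "request": {"operation": op, "path": path, "remote_address": addr}})

SAMPLE_LINES = [
    _rec(f"2026-04-17T05:00:{i * 10:02d}Z", "203.0.113.7",
         "update" if i % 2 == 0 else "delete", "sys/generate-root/attempt")
    for i in range(6)
] + [_rec("2026-04-17T05:01:30Z", "10.0.0.5", "update", "sys/rekey/init")]

if __name__ == "__main__":
    print(find_slot_churn(SAMPLE_LINES))  # {'203.0.113.7': 6}
```

A single legitimate operator start or cancel never reaches the threshold, so the alert fires only on repeated slot churn from one source.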

Impact

Exploitation of this vulnerability leads to a denial-of-service condition in which legitimate root token generation and rekey operations are interrupted and cannot be completed.

Remediation

Users can upgrade to Vault Community Edition 2.0.0 or Vault Enterprise 2.0.0 to address this vulnerability.

Added: Apr 17, 2026, 5:19 AM
Updated: Apr 17, 2026, 5:19 AM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 0.6
exploitability: 7.4
remediation: 7.7
relevance: 6.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.