HashiCorp Boundary
cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*
- <= 0.21.2
- <= 0.20.2
- <= 0.19.4
A denial-of-service vulnerability has been identified in HashiCorp Boundary Community Edition and Boundary Enterprise workers, prior to versions 0.21.3, 0.20.3, and 0.19.5. The issue arises during node enrollment TLS handshakes, where an attacker with network access to the worker authentication listener can delay or withhold the client certificate. This disruption causes the connection handling to block, potentially preventing legitimate worker connections from being accepted or routed.
Exploitation of this vulnerability leads to a denial-of-service condition for worker authentication and enrollment workflows, causing delays or disruptions in processing legitimate worker connections.
Users are advised to upgrade to HashiCorp Boundary Community Edition or Boundary Enterprise versions 0.21.3, 0.20.3, or 0.19.5. For guidance on upgrading, please refer to Boundary's upgrade documentation.
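The failure mode described above, and the usual way a Go listener avoids it, as an added example (a generic illustration, not Boundary's code or its patch): the accept loop hands every connection to its own goroutine and puts a deadline on the whole TLS handshake, which covers a peer that stalls at any stage, the client-certificate flight included. The names `handshake`, `serve` and `stalledPeers`, the 300 ms deadline and the loopback peers that send nothing are assumptions constructed for the demonstration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"time"
)

// handshake bounds the whole handshake: a peer stalling at any flight is dropped after d.
func handshake(conn *tls.Conn, d time.Duration) error {
	conn.SetDeadline(time.Now().Add(d))
	if err := conn.Handshake(); err != nil {
		conn.Close()
		return err
	}
	return conn.SetDeadline(time.Time{}) // no deadline carried into the session
}

// serve never handshakes on the accept path; each connection gets a goroutine.
func serve(ln net.Listener, cfg *tls.Config, d time.Duration, outcomes chan<- error) {
	for {
		raw, err := ln.Accept()
		if err != nil {
			return // listener closed
		}
		go func() { outcomes <- handshake(tls.Server(raw, cfg), d) }()
	}
}

// stalledPeers (constructed demo): n loopback peers connect and never send a byte.
func stalledPeers(n int, d time.Duration) (timeouts int, elapsed time.Duration) {
	ln, _ := net.Listen("tcp", "127.0.0.1:0") // a setup failure panics on the next line
	defer ln.Close()
	outcomes := make(chan error, n)
	go serve(ln, &tls.Config{}, d, outcomes) // real configs set Certificates, ClientAuth
	start := time.Now()
	for i := 0; i < n; i++ {
		c, _ := net.Dial("tcp", ln.Addr().String())
		defer c.Close() // keep every stalled peer open until the function returns
	}
	for i := 0; i < n; i++ {
		if ne, ok := (<-outcomes).(net.Error); ok && ne.Timeout() {
			timeouts++
		}
	}
	return timeouts, time.Since(start)
}

func main() { fmt.Println(stalledPeers(3, 300*time.Millisecond)) }
```

Three stalled peers cost roughly one deadline period in total rather than three, and the accept loop stays free for other connections the whole time.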