CVE-2026-5051
MEDIUMCVSS v3.1: 4.4
Source data as of:
At a glance
- Severity
- MEDIUM
- CVSS
- 4.4 v3.1 · NVD
- EPSS
- EPSS not provided by FIRST.org for this CVE
- CISA KEV
- No
- Type
- Path Traversal · NVD CWE
- Attack conditions (CVSS vector)
- NetworkNo user interaction · Source: NVD Vector
- Published
- 2026-07-01 · Modified: 2026-07-01
- References
- Jump to references (1)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability (CVE-2026-5051) is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.