CVE-2026-5052

MEDIUM 5.3

Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

CWE	CWE-918
Vendor	hashicorp
Product	vault
Published	Apr 17, 2026

Stay Ahead of the Next One

Get instant alerts for hashicorp vault

Be the first to know when new medium vulnerabilities affecting hashicorp vault are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

HashiCorp / Vault

1.15.0 < 2.0.0

HashiCorp / Vault Enterprise

1.15.0 < 2.0.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

discuss.hashicorp.com: https://discuss.hashicorp.com/t/hcsec-2026-06-vault-vulnerable-to-server-side-request-forgery-in-acme-challenge-validation-via-attacker-controlled-dns/77343