CVE-2026-5051
MEDIUM
NVD
CVSS Score
4.4
Severity
MEDIUM
Published
Jul 01, 2026
Vendor
unknown
Description
HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability (CVE-2026-5051) is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17.