CVE-2026-3605 Vault — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.1 (HIGH)
Type	CWE-288 (Authentication Bypass Using Alternate Path)
Vendor	Vault
Public PoC	No

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret data. Fxed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-288 Authentication Bypass Using Alternate Path

References 1

https://discuss.hashicorp.com/t/hcsec-2026-05-vault-kvv2-metadata-and-secret-de…

security@hashicorp.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-5807

Vault

7.5

CVE-2026-5052

Vault

5.3

CVE-2026-4525

Vault

7.5

CVE-2026-33472

Vault

4.8

CVE-2026-34976

Vault

10.0

Menu

CVE-2026-3605

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-5807

CVE-2026-5052

CVE-2026-4525

CVE-2026-33472

CVE-2026-34976

CVE Details

Editor's Choice

Menu

CVE-2026-3605

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-5807

CVE-2026-5052

CVE-2026-4525

CVE-2026-33472

CVE-2026-34976

CVE Details

Editor's Choice

Stay informed on cybersecurity