CVE-2026-4525 — Sensitive Info Insertion into Sent Data in Vault

CWE-201 — Sensitive Info Insertion into Sent Data4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 97.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hashicorp Vault Hashicorp Vault Enterprise Github.com Hashicorp Vault +8 more

Timeline

PublishedApr 17

Description

If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages11 packages

▶CVEListV5hashicorp/vault0.11.2 — 2.0.0

▶CVEListV5hashicorp/vault_enterprise0.11.2 — 2.0.0

▶Gogithub.com/hashicorp_vault0.11.2 — 1.21.4

▶Red Hatocs4/cephcsi-rhel8

▶Red Hatodf4/cephcsi-rhel8

🔴Vulnerability Details

GHSA

HashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization↗2026-04-17

▶

📋Vendor Advisories

Red Hat

Vault: Vault: Information disclosure of authentication tokens via incorrect header handling↗2026-04-17

▶

💬Community

Bugzilla

CVE-2026-4525 Vault: Vault: Information disclosure of authentication tokens via incorrect header handling↗2026-04-17

▶