平台
go
组件
hashicorp/vault
修复版本
2.0.0
2.0.0
1.21.5
CVE-2026-4525 is a security vulnerability affecting HashiCorp Vault. This issue occurs when an auth mount passes through the "Authorization" header, potentially exposing Vault tokens to the backend authentication plugin. The vulnerability impacts versions 0.11.2 through 2.0.0 of Vault. A fix is available in versions 2.0.0, 1.21.5, 1.20.10, and 1.19.16.
CVE-2026-4525 affects Vault when an auth mount is configured to pass through the 'Authorization' header. In this scenario, if the 'Authorization' header is used to authenticate to Vault, Vault inadvertently forwards the Vault token to the auth plugin backend. This could allow an attacker to compromise the auth plugin backend, potentially gaining access to secrets stored in Vault or performing unauthorized actions. The severity of this issue is rated as 7.5 (High) according to CVSS. Exposing Vault tokens to unintended auth plugin backends poses a significant security risk, as it could facilitate privilege escalation and unauthorized access to sensitive data. Addressing this vulnerability is crucial to protect the integrity and confidentiality of secrets managed by Vault.
This vulnerability is exploited when an attacker can control the 'Authorization' header sent to Vault. If an attacker can manipulate this header to include a valid Vault token, Vault will forward that token to the auth plugin backend. The auth plugin backend could then use this token to access resources or perform actions that the attacker should not be able to perform. The likelihood of exploitation depends on Vault's configuration and the security of the auth plugin backend. An environment where the 'Authorization' header is widely used for authentication and where the auth plugin backend is not adequately protected is more vulnerable.
漏洞利用状态
EPSS
0.02% (4% 百分位)
CISA SSVC
CVSS 向量
To mitigate CVE-2026-4525, it is recommended to upgrade to a version of Vault that includes the fix. Affected versions are those prior to 2.0.0, 1.21.5, 1.20.10, and 1.19.16. Upgrading is the most effective solution. Alternatively, if immediate upgrading is not possible, you can disable the 'Authorization' header passthrough functionality in the auth mount configuration. Carefully review your auth mount configurations to ensure that the 'Authorization' header is not being forwarded unnecessarily. Implement strict access controls on auth plugin backends to limit the potential impact of Vault token exposure. Monitor Vault logs for suspicious activity related to authentication and header forwarding.
Actualice Vault a la versión 2.0.0, 1.21.5, 1.20.10 o 1.19.16. Desactive la autorización de paso del encabezado 'Authorization' en las configuraciones de los auth mounts, o asegúrese de que el encabezado 'Authorization' se esté utilizando únicamente para autenticarse en Vault y no se esté pasando a los backends de auth plugin.
漏洞分析和关键警报直接发送到您的邮箱。
Versions prior to 2.0.0, 1.21.5, 1.20.10, and 1.19.16 are vulnerable.
Check the version of Vault you are using. If it is prior to the patched versions, you are vulnerable.
It is an HTTP header used to transmit authentication information, such as an authentication token.
It is the system or service that Vault uses to verify user credentials.
Disabling the 'Authorization' header passthrough in the auth mount configuration is a temporary workaround.
上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。
上传你的 go.mod 文件,立即知道是否受影响。