CVE-2026-5052 · HIGH 8.6 · EPSS p24.8%

Description

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS: 0.33% probability of exploitation · percentile 24.8% · 2026-06-19T12:03:05Z
Published: 2026-04-17
Last modified: 2026-04-27

Underlying weaknesses · 1

CWE-918

References

  1. https://discuss.hashicorp.com/t/hcsec-2026-06-vault-vulnerable-to-server-side-request-forgery-in-acme-challenge-validation-via-attacker-controlled-dns/77343

Type | Target | Confidence | Tier
Weakness | Server-Side Request Forgery (SSRF), cwe-918 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-4525
  2. CVE-2026-3605
  3. CVE-2025-11621
  4. CVE-2025-13357
  5. CVE-2025-3879
  6. CVE-2025-6013

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.