HIGHCVE-2026-5807Published Modified CNA HashiCorp
CVE-2026-5807: Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations
Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This vulnerability, CVE-2026-5807, is fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- 2.0.0.
- Affected Products
- 2
Fix available
2.0.0.2.0.0
Affected packages
- HashiCorp / Vault< 2.0.0 (from 0)
- HashiCorp / Vault Enterprise< 2.0.0. (from 0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences