Vault's ACME Challenge Sends Sensitive Requests to Local Network Targets

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

Vault's ACME Challenge Sends Sensitive Requests to Local Network Targets

CVE-2026-5052

Summary

A bug in Vault's PKI engine can cause it to send sensitive requests to internal network targets, potentially exposing information. This issue has been fixed in certain versions of Vault, so make sure to update your installation to the latest version to avoid any potential risks. Affected users should upgrade to Vault Community Edition 2.0.0 or one of the specified Enterprise versions to resolve this issue.

Original title

Original description

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

nvd CVSS3.1 5.3

Vulnerability type

CWE-918 Server-Side Request Forgery (SSRF)

https://discuss.hashicorp.com/t/hcsec-2026-06-vault-vulnerable-to-server-side-re...

Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026