Vault Leaks Authentication Token in Auth Plugin
CVE-2026-4525
Summary
If a Vault auth mount is configured to pass through the Authorization header, and that header is used to authenticate to Vault, vulnerable versions of Vault forward the Vault token to the auth plugin backend, where an attacker could obtain it. To protect yourself, update to version 2.0.0, 1.21.5, 1.20.10, or 1.19.16 or later.
Original title
If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin b...
Original description
If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16.
NVD CVSS 3.1: 7.5
Vulnerability type
CWE-201 (Insertion of Sensitive Information Into Sent Data)
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026