{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-5807","assignerOrgId":"67fedba0-ff2e-4543-ba5b-aa93e87718cc","state":"PUBLISHED","assignerShortName":"HashiCorp","dateReserved":"2026-04-08T14:43:57.845Z","datePublished":"2026-04-17T03:22:13.816Z","dateUpdated":"2026-06-30T12:11:12.664Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["64 bit","32 bit","x86","ARM","MacOS","Windows","Linux"],"product":"Vault","repo":"https://github.com/hashicorp/vault","vendor":"HashiCorp","versions":[{"lessThan":"2.0.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["64 bit","32 bit","x86","ARM","MacOS","Windows","Linux"],"product":"Vault Enterprise","repo":"https://github.com/hashicorp/vault","vendor":"HashiCorp","versions":[{"lessThan":"2.0.0.","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","value":"This issue was identified by XlabAI Team of Tencent Xuanwu Lab and the Atuin Automated Vulnerability Discovery Engine who reported it to HashiCorp."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This vulnerability, CVE-2026-5807, is fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0.</p><br/>"}],"value":"Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This vulnerability, CVE-2026-5807, is fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0."}],"impacts":[{"capecId":"CAPEC-125","descriptions":[{"lang":"en","value":"CAPEC-125: Flooding"}]}],"metrics":[{"cvssV3_1":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-770","description":"CWE-770: Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"67fedba0-ff2e-4543-ba5b-aa93e87718cc","shortName":"HashiCorp","dateUpdated":"2026-04-17T17:57:55.504Z"},"references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulnerable-to-denial-of-service-via-unauthenticated-root-token-generation-rekey-operations/77345"}],"source":{"advisory":"HCSEC-2026-08","discovery":"EXTERNAL"},"title":"Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations"},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-17T13:18:46.561122Z","id":"CVE-2026-5807","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-17T13:19:07.594Z"}},{"affected":[{"cpes":["cpe:/a:redhat:openshift_data_foundation:4"],"defaultStatus":"affected","product":"Red Hat Openshift Data Foundation 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"unaffected","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"}],"datePublic":"2026-04-17T03:22:13.816Z","descriptions":[{"lang":"en","value":"A flaw was found in Vault. An unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations. This action occupies the single slot designated for in-progress operations, effectively preventing legitimate operators from completing critical administrative workflows. This vulnerability leads to a denial-of-service condition, impacting the availability of Vault's key management functions."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-770","description":"Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-5807"},{"name":"RHBZ#2459109","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459109"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5807.json"}],"timeline":[{"lang":"en","time":"2026-04-17T05:00:53.880Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-17T03:22:13.816Z","value":"Made public."}],"title":"Vault: Vault: Denial of Service via unauthenticated root token generation or rekey operations","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:11:12.664Z"}}]}}