Vulnerabilities

Report: CVE-2026-3605 - Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

2026-04-17 0 views admin

CVE ID :CVE-2026-3605 Published : April 17, 2026, 4:16 a.m. | 56 minutes ago Description :An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret data. Fxed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-3605

Severity

HIGH

Published

April 17, 2026

Affected Product: Vault

🏷️ Tags

reportvaultmetadatasecretdeletionpolicybypassdenialservicecve

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-3605 - Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-35496 - CubeCart Path Traversal Vulnerability

Report: Latest: CVE-2026-34018 - CubeCart SQL Injection

Report: Breaking: CVE-2026-21719 - CubeCart OS Command Injection Vulnerability

Report: CVE-2026-6482 - Local Privilege Escalation via OpenSSL configuration file in Insight Agent

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting