CVE-2026-5807

Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Description

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This vulnerability, CVE-2026-5807, is fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0.

INFO

Published Date :

2026-04-17T03:22:13.816Z

Last Modified :

2026-04-17T03:22:13.816Z

Source :

HashiCorp

AFFECTED PRODUCTS

The following products are affected by CVE-2026-5807 vulnerability.

Vendors	Products
Hashicorp	Vault Vault Enterprise

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-5807.

URL	Resource
https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulnerable-to-denial-of-service-via-unauthenticated-root-token-generation-rekey-operations/77345

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact