VDB
KO

GO-2026-5262

HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS in github.com/hashicorp/vault

Details

HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS in github.com/hashicorp/vault

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/hashicorp/vault
Introduced in: 1.14.0

No fixed version published yet for github.com/hashicorp/vault (go modules). Pin to a known-safe version or switch to an alternative.

References