—
GO-2026-5262
HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS in github.com/hashicorp/vault
Details
HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS in github.com/hashicorp/vault
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/hashicorp/vault
Introduced in:
1.14.0 No fixed version published yet for github.com/hashicorp/vault (go modules). Pin to a known-safe version or switch to an alternative.