Tag

Kvv2

1 brief RSS

Vault kvv2 Policy Bypass Vulnerability Leading to Denial-of-Service (CVE-2026-3605)

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service, addressed in Vault versions 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

vault kvv2 denial-of-service cve-2026-3605

2r 1t 1c 1i 2w ago