CVE-2026-3605 | HashiCorp Vault/Vault Enterprise up to 1.21.0 Policy authentication bypass

A vulnerability identified as critical has been detected in HashiCorp Vault and Vault Enterprise. Impacted is an unknown function of the component Policy Handler. The manipulation leads to authentication bypass using alternate channel.

This vulnerability is traded as CVE-2026-3605. It is possible to initiate the attack remotely. There is no exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More