HashiCorp Vault 0-Day Flaws Enable Remote Code Execution Attacks

Post by Shane1145

Researchers at Cyata have disclosed nine previously unknown zero-day vulnerabilities in HashiCorp Vault, a widely adopted open-source secrets management platform, enabling attackers to bypass authentication, escalate privileges, and achieve remote code execution (RCE).

These flaws, assigned CVEs through responsible disclosure and patched in collaboration with HashiCorp, stem from subtle logic errors in core components like authentication backends, multi-factor authentication (MFA) enforcement, policy normalization, and plugin handling.


https://gbhackers.com/hashicorp-vault-0-day-flaws/