CVE-2026-3605 Overview
CVE-2026-3605 affects HashiCorp Vault's Key-Value version 2 (KVv2) secrets engine. An authenticated user with access to a KVv2 path through a policy containing a glob pattern can delete secrets they are not authorized to read or write. The flaw produces a denial-of-service condition by destroying secret data that the attacker cannot otherwise access. The vulnerability does not allow reading secret material and does not cross namespace boundaries. HashiCorp patched the issue in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16.
Critical Impact
An authenticated low-privilege user can permanently delete production secrets within reachable KVv2 paths, breaking applications that depend on those secrets and causing service outages.
Affected Products
- HashiCorp Vault Community Edition prior to 2.0.0
- HashiCorp Vault Enterprise prior to 2.0.0, 1.21.5, 1.20.10, 1.19.16
- Vault deployments using KVv2 secrets engine with glob-based policies
Discovery Timeline
- 2026-04-17 - CVE-2026-3605 published to the National Vulnerability Database
- 2026-04-25 - Last updated in NVD database
Technical Details for CVE-2026-3605
Vulnerability Analysis
The vulnerability resides in how Vault evaluates Access Control List (ACL) policies that use glob characters against KVv2 metadata and delete endpoints. KVv2 separates secret data operations from metadata operations, and metadata-level deletions remove all versions of a secret. When a policy grants capabilities on a glob path, the policy engine matches delete and destroy operations more permissively than intended. An authenticated user can issue delete requests against secret paths covered by the glob even when the policy did not explicitly authorize read, create, or update on those secrets. The flaw is categorized under [CWE-288] (Authentication Bypass Using an Alternate Path or Channel) and results in integrity and availability impact without confidentiality exposure.
Root Cause
The root cause is incomplete capability enforcement when policy paths containing glob wildcards are evaluated against KVv2 metadata delete and destroy endpoints. The policy matcher resolves the glob to grant deletion-related capabilities broader than the operator intended. Namespace isolation remains intact because the matcher does not cross namespace boundaries.
Attack Vector
An attacker requires valid Vault authentication and a token bound to a policy that uses a glob in any KVv2 path rule. The attacker sends authenticated HTTP requests to the KVv2 delete, undelete, or destroy endpoints, or to the metadata endpoint, targeting secrets within the glob-matched path. Each successful request removes secret versions or metadata, denying downstream applications access to credentials, certificates, or configuration values. No interaction from another user is required, and the attack is performed over the network against the Vault API.
No public proof-of-concept code is available for this issue. Refer to the HashiCorp Vault Advisory for vendor-provided technical detail.
Detection Methods for CVE-2026-3605
Indicators of Compromise
- Unexpected DELETE or POST requests to /v1/<mount>/metadata/<path>, /v1/<mount>/delete/<path>, or /v1/<mount>/destroy/<path> endpoints in Vault audit logs.
- Audit log entries showing deletion operations from tokens whose attached policies do not contain matching read, create, or update capabilities on the affected path.
- Application errors reporting missing or empty KVv2 secrets where secrets previously existed.
Detection Strategies
- Enable Vault audit devices and parse audit log entries for operation=delete events against KVv2 mounts, correlating the token's policy set with the targeted path.
- Alert when a single token issues high volumes of delete or destroy requests across multiple KVv2 paths within a short window.
- Compare deleted secret paths against an expected change-control list to surface deletions performed outside maintenance windows.
Monitoring Recommendations
- Forward Vault audit logs to a centralized SIEM and retain them long enough to support forensic review of secret deletions.
- Monitor Vault telemetry metrics such as vault.kv.v2.delete and vault.kv.v2.destroy for unusual request rates per token or per path.
- Track Vault token creation and policy assignment events to identify newly issued tokens carrying glob-based policies.
How to Mitigate CVE-2026-3605
Immediate Actions Required
- Upgrade to Vault Community Edition 2.0.0 or Vault Enterprise 2.0.0, 1.21.5, 1.20.10, or 1.19.16 as appropriate for the deployed branch.
- Audit all ACL policies for glob characters applied to KVv2 mounts and identify tokens that inherit those policies.
- Review KVv2 audit logs for unauthorized deletion activity since the policy was introduced and restore secrets from backups where required.
Patch Information
HashiCorp released fixed builds in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16. Patch details and upgrade guidance are documented in the HashiCorp Vault Advisory HCSEC-2026-05.
Workarounds
- Rewrite affected policies to enumerate specific KVv2 paths instead of using glob wildcards until the upgrade is applied.
- Explicitly deny delete, destroy, and update capabilities on KVv2 metadata paths for policies that should be read-only.
- Enable KVv2 versioning with sufficient max_versions and configure regular snapshots so deleted secrets can be recovered.
# Replace a permissive glob policy with explicit path rules
path "secret/data/app/*" {
capabilities = ["read"]
}
path "secret/metadata/app/*" {
capabilities = ["deny"]
}
path "secret/delete/app/*" {
capabilities = ["deny"]
}
path "secret/destroy/app/*" {
capabilities = ["deny"]
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

