🛡️ CVE-2024-8185
🟠 CVSS 8.0 — High ✅ No Known Exploit CWE-636 NVD
8.0
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself. This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.

Details

Severity HIGH
CVSS Score 8.0
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE CWE-636
Public Exploit ✅ No
Source NVD
Published 2024-10-31
Updated 2026-06-15
Modified 2026-02-04
Fix URL N/A

Affected Packages

Software From version Fixed in
github.com/hashicorp/vault
github.com/openbao/openbao
openbao 2.0.3
vault

Similar Threats

Site Security Check

Concerned your site may already be targeted?

BotEraser analyzes incoming traffic patterns and helps identify bot behavior consistent with known exploit attempts.

Check My Site Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.