Search
Find a vulnerability
Search criteria
6 vulnerabilities found for Boundary Enterprise by HashiCorp
CVE-2026-7776 (GCVE-0-2026-7776)
Vulnerability from nvd – Published: 2026-05-04 21:34 – Updated: 2026-05-05 14:14
VLAI
Title
Boundary Workers Vulnerable to Denial of Service During TLS Handshake
Summary
Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, causing worker connection handling to block. This may prevent legitimate worker connections from being accepted or routed. This vulnerability, CVE-2026-7776, is fixed in Boundary 0.21.3, 0.20.3, 0.19.5.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| HashiCorp | Boundary |
Affected:
0.9.0 , < 0.21.3
(semver)
|
|
| HashiCorp | Boundary Enterprise |
Affected:
0.9.0 , < 0.21.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T13:20:57.356797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T14:14:05.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Boundary",
"repo": "https://github.com/hashicorp/boundary",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "0.19.5",
"status": "unaffected"
},
{
"at": "0.20.3",
"status": "unaffected"
},
{
"at": "0.21.3",
"status": "unaffected"
}
],
"lessThan": "0.21.3",
"status": "affected",
"version": "0.9.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Boundary Enterprise",
"repo": "https://github.com/hashicorp/boundary",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "0.19.5",
"status": "unaffected"
},
{
"at": "0.20.3",
"status": "unaffected"
},
{
"at": "0.21.3",
"status": "unaffected"
}
],
"lessThan": "0.21.3",
"status": "affected",
"version": "0.9.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was identified by the Boundary Engineering team."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eBoundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, causing worker connection handling to block. This may prevent legitimate worker connections from being accepted or routed. This vulnerability, CVE-2026-7776, is fixed in Boundary 0.21.3, 0.20.3, 0.19.5.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "Boundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, causing worker connection handling to block. This may prevent legitimate worker connections from being accepted or routed. This vulnerability, CVE-2026-7776, is fixed in Boundary 0.21.3, 0.20.3, 0.19.5."
}
],
"impacts": [
{
"capecId": "CAPEC-227",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-227: Sustained Client Engagement"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T21:36:18.758Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2026-11-boundary-workers-vulnerable-to-denial-of-service-during-tls-handshake"
}
],
"source": {
"advisory": "HCSEC-2026-11",
"discovery": "INTERNAL"
},
"title": "Boundary Workers Vulnerable to Denial of Service During TLS Handshake"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2026-7776",
"datePublished": "2026-05-04T21:34:10.975Z",
"dateReserved": "2026-05-04T15:10:16.232Z",
"dateUpdated": "2026-05-05T14:14:05.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12289 (GCVE-0-2024-12289)
Vulnerability from nvd – Published: 2024-12-12 22:42 – Updated: 2024-12-13 19:35
VLAI
Title
Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
Summary
Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process.
This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-460 - Improper Cleanup on Thrown Exception
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| HashiCorp | Boundary |
Affected:
0.8.0 , < 0.18.2
(semver)
|
|
| HashiCorp | Boundary Enterprise |
Affected:
0.8.0 , < 0.18.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12289",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-13T19:32:38.200931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T19:35:10.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Boundary",
"repo": "https://github.com/hashicorp/boundary",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "0.16.4",
"status": "unaffected"
},
{
"at": "0.17.3",
"status": "unaffected"
}
],
"lessThan": "0.18.2",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Boundary Enterprise",
"repo": "https://github.com/hashicorp/boundary",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "0.16.4",
"status": "unaffected"
},
{
"at": "0.17.3",
"status": "unaffected"
}
],
"lessThan": "0.18.2",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eBoundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process.\n\nThis vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "Boundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process.\n\nThis vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2."
}
],
"impacts": [
{
"capecId": "CAPEC-227",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-227: Sustained Client Engagement"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-460",
"description": "CWE-460: Improper Cleanup on Thrown Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T22:42:01.595Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-28-boundary-controller-incorrectly-handles-http-requests-on-initialization-which-may-lead-to-a-denial-of-service"
}
],
"source": {
"advisory": "HCSEC-2024-28",
"discovery": "INTERNAL"
},
"title": "Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-12289",
"datePublished": "2024-12-12T22:42:01.595Z",
"dateReserved": "2024-12-05T22:09:25.315Z",
"dateUpdated": "2024-12-13T19:35:10.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1052 (GCVE-0-2024-1052)
Vulnerability from nvd – Published: 2024-02-05 20:43 – Updated: 2024-08-01 18:26
VLAI
Title
Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering
Summary
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| HashiCorp | Boundary |
Affected:
0.8.0 , < 0.15.0
(semver)
|
|
| HashiCorp | Boundary Enterprise |
Affected:
0.8.0 , < 0.15.0
(semver)
|
|
| hashicorp | boundary |
Affected:
0.8.0 , < 0.15.0
(semver)
cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:* |
|
| hashicorp | boundary_enterprise |
Affected:
0.8.0 , < 0.15.0
(semver)
cpe:2.3:a:hashicorp:boundary_enterprise:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "boundary",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "0.15.0",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:hashicorp:boundary_enterprise:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "boundary_enterprise",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "0.15.0",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T17:48:37.020420Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T17:52:35.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Boundary",
"repo": "https://github.com/hashicorp/boundary",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "0.15.0",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Boundary Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "0.15.0",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Boundary and Boundary Enterprise (\u201cBoundary\u201d) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application."
}
],
"value": "Boundary and Boundary Enterprise (\u201cBoundary\u201d) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application."
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T20:43:53.939Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458"
}
],
"source": {
"advisory": "HCSEC-2024-02",
"discovery": "EXTERNAL"
},
"title": "Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-1052",
"datePublished": "2024-02-05T20:43:53.939Z",
"dateReserved": "2024-01-29T20:35:33.313Z",
"dateUpdated": "2024-08-01T18:26:30.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-7776 (GCVE-0-2026-7776)
Vulnerability from cvelistv5 – Published: 2026-05-04 21:34 – Updated: 2026-05-05 14:14
VLAI
Title
Boundary Workers Vulnerable to Denial of Service During TLS Handshake
Summary
Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, causing worker connection handling to block. This may prevent legitimate worker connections from being accepted or routed. This vulnerability, CVE-2026-7776, is fixed in Boundary 0.21.3, 0.20.3, 0.19.5.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| HashiCorp | Boundary |
Affected:
0.9.0 , < 0.21.3
(semver)
|
|
| HashiCorp | Boundary Enterprise |
Affected:
0.9.0 , < 0.21.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T13:20:57.356797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T14:14:05.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Boundary",
"repo": "https://github.com/hashicorp/boundary",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "0.19.5",
"status": "unaffected"
},
{
"at": "0.20.3",
"status": "unaffected"
},
{
"at": "0.21.3",
"status": "unaffected"
}
],
"lessThan": "0.21.3",
"status": "affected",
"version": "0.9.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Boundary Enterprise",
"repo": "https://github.com/hashicorp/boundary",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "0.19.5",
"status": "unaffected"
},
{
"at": "0.20.3",
"status": "unaffected"
},
{
"at": "0.21.3",
"status": "unaffected"
}
],
"lessThan": "0.21.3",
"status": "affected",
"version": "0.9.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was identified by the Boundary Engineering team."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eBoundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, causing worker connection handling to block. This may prevent legitimate worker connections from being accepted or routed. This vulnerability, CVE-2026-7776, is fixed in Boundary 0.21.3, 0.20.3, 0.19.5.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "Boundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, causing worker connection handling to block. This may prevent legitimate worker connections from being accepted or routed. This vulnerability, CVE-2026-7776, is fixed in Boundary 0.21.3, 0.20.3, 0.19.5."
}
],
"impacts": [
{
"capecId": "CAPEC-227",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-227: Sustained Client Engagement"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T21:36:18.758Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2026-11-boundary-workers-vulnerable-to-denial-of-service-during-tls-handshake"
}
],
"source": {
"advisory": "HCSEC-2026-11",
"discovery": "INTERNAL"
},
"title": "Boundary Workers Vulnerable to Denial of Service During TLS Handshake"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2026-7776",
"datePublished": "2026-05-04T21:34:10.975Z",
"dateReserved": "2026-05-04T15:10:16.232Z",
"dateUpdated": "2026-05-05T14:14:05.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12289 (GCVE-0-2024-12289)
Vulnerability from cvelistv5 – Published: 2024-12-12 22:42 – Updated: 2024-12-13 19:35
VLAI
Title
Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
Summary
Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process.
This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-460 - Improper Cleanup on Thrown Exception
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| HashiCorp | Boundary |
Affected:
0.8.0 , < 0.18.2
(semver)
|
|
| HashiCorp | Boundary Enterprise |
Affected:
0.8.0 , < 0.18.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12289",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-13T19:32:38.200931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T19:35:10.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Boundary",
"repo": "https://github.com/hashicorp/boundary",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "0.16.4",
"status": "unaffected"
},
{
"at": "0.17.3",
"status": "unaffected"
}
],
"lessThan": "0.18.2",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Boundary Enterprise",
"repo": "https://github.com/hashicorp/boundary",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "0.16.4",
"status": "unaffected"
},
{
"at": "0.17.3",
"status": "unaffected"
}
],
"lessThan": "0.18.2",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eBoundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process.\n\nThis vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "Boundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process.\n\nThis vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2."
}
],
"impacts": [
{
"capecId": "CAPEC-227",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-227: Sustained Client Engagement"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-460",
"description": "CWE-460: Improper Cleanup on Thrown Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T22:42:01.595Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-28-boundary-controller-incorrectly-handles-http-requests-on-initialization-which-may-lead-to-a-denial-of-service"
}
],
"source": {
"advisory": "HCSEC-2024-28",
"discovery": "INTERNAL"
},
"title": "Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-12289",
"datePublished": "2024-12-12T22:42:01.595Z",
"dateReserved": "2024-12-05T22:09:25.315Z",
"dateUpdated": "2024-12-13T19:35:10.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1052 (GCVE-0-2024-1052)
Vulnerability from cvelistv5 – Published: 2024-02-05 20:43 – Updated: 2024-08-01 18:26
VLAI
Title
Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering
Summary
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| HashiCorp | Boundary |
Affected:
0.8.0 , < 0.15.0
(semver)
|
|
| HashiCorp | Boundary Enterprise |
Affected:
0.8.0 , < 0.15.0
(semver)
|
|
| hashicorp | boundary |
Affected:
0.8.0 , < 0.15.0
(semver)
cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:* |
|
| hashicorp | boundary_enterprise |
Affected:
0.8.0 , < 0.15.0
(semver)
cpe:2.3:a:hashicorp:boundary_enterprise:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "boundary",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "0.15.0",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:hashicorp:boundary_enterprise:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "boundary_enterprise",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "0.15.0",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T17:48:37.020420Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T17:52:35.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Boundary",
"repo": "https://github.com/hashicorp/boundary",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "0.15.0",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Boundary Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "0.15.0",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Boundary and Boundary Enterprise (\u201cBoundary\u201d) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application."
}
],
"value": "Boundary and Boundary Enterprise (\u201cBoundary\u201d) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application."
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T20:43:53.939Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458"
}
],
"source": {
"advisory": "HCSEC-2024-02",
"discovery": "EXTERNAL"
},
"title": "Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-1052",
"datePublished": "2024-02-05T20:43:53.939Z",
"dateReserved": "2024-01-29T20:35:33.313Z",
"dateUpdated": "2024-08-01T18:26:30.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}