    6 vulnerabilities found for Boundary Enterprise by HashiCorp

    CVE-2026-7776 (GCVE-0-2026-7776)

    Vulnerability from nvd – Published: 2026-05-04 21:34 – Updated: 2026-05-05 14:14
    Title
    Boundary Workers Vulnerable to Denial of Service During TLS Handshake
    Summary
    Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, causing worker connection handling to block. This may prevent legitimate worker connections from being accepted or routed. This vulnerability, CVE-2026-7776, is fixed in Boundary 0.21.3, 0.20.3, 0.19.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Impacted products
    Vendor Product Version
    HashiCorp Boundary Affected: 0.9.0 , < 0.21.3 (semver)
    HashiCorp Boundary Enterprise Affected: 0.9.0 , < 0.21.3 (semver)
    Credits
    This issue was identified by the Boundary Engineering team.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7776",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-05T13:20:57.356797Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-05T14:14:05.799Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Boundary",
              "repo": "https://github.com/hashicorp/boundary",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0.19.5",
                      "status": "unaffected"
                    },
                    {
                      "at": "0.20.3",
                      "status": "unaffected"
                    },
                    {
                      "at": "0.21.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "0.21.3",
                  "status": "affected",
                  "version": "0.9.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Boundary Enterprise",
              "repo": "https://github.com/hashicorp/boundary",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0.19.5",
                      "status": "unaffected"
                    },
                    {
                      "at": "0.20.3",
                      "status": "unaffected"
                    },
                    {
                      "at": "0.21.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "0.21.3",
                  "status": "affected",
                  "version": "0.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was identified by the Boundary Engineering team."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBoundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, causing worker connection handling to block. This may prevent legitimate worker connections from being accepted or routed. This vulnerability, CVE-2026-7776, is fixed in Boundary 0.21.3, 0.20.3, 0.19.5.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "Boundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, causing worker connection handling to block. This may prevent legitimate worker connections from being accepted or routed. This vulnerability, CVE-2026-7776, is fixed in Boundary 0.21.3, 0.20.3, 0.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-227",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-227: Sustained Client Engagement"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-04T21:36:18.758Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2026-11-boundary-workers-vulnerable-to-denial-of-service-during-tls-handshake"
            }
          ],
          "source": {
            "advisory": "HCSEC-2026-11",
            "discovery": "INTERNAL"
          },
          "title": "Boundary Workers Vulnerable to Denial of Service During TLS Handshake"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2026-7776",
        "datePublished": "2026-05-04T21:34:10.975Z",
        "dateReserved": "2026-05-04T15:10:16.232Z",
        "dateUpdated": "2026-05-05T14:14:05.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-12289 (GCVE-0-2024-12289)

    Vulnerability from nvd – Published: 2024-12-12 22:42 – Updated: 2024-12-13 19:35
    Title
    Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
    Summary
    Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process. This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-460 - Improper Cleanup on Thrown Exception
    Impacted products
    Vendor Product Version
    HashiCorp Boundary Affected: 0.8.0 , < 0.18.2 (semver)
    HashiCorp Boundary Enterprise Affected: 0.8.0 , < 0.18.2 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12289",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-13T19:32:38.200931Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-13T19:35:10.676Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Boundary",
              "repo": "https://github.com/hashicorp/boundary",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0.16.4",
                      "status": "unaffected"
                    },
                    {
                      "at": "0.17.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "0.18.2",
                  "status": "affected",
                  "version": "0.8.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Boundary Enterprise",
              "repo": "https://github.com/hashicorp/boundary",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0.16.4",
                      "status": "unaffected"
                    },
                    {
                      "at": "0.17.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "0.18.2",
                  "status": "affected",
                  "version": "0.8.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBoundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process.\n\nThis vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "Boundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process.\n\nThis vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-227",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-227: Sustained Client Engagement"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-460",
                  "description": "CWE-460: Improper Cleanup on Thrown Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-12T22:42:01.595Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2024-28-boundary-controller-incorrectly-handles-http-requests-on-initialization-which-may-lead-to-a-denial-of-service"
            }
          ],
          "source": {
            "advisory": "HCSEC-2024-28",
            "discovery": "INTERNAL"
          },
          "title": "Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2024-12289",
        "datePublished": "2024-12-12T22:42:01.595Z",
        "dateReserved": "2024-12-05T22:09:25.315Z",
        "dateUpdated": "2024-12-13T19:35:10.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1052 (GCVE-0-2024-1052)

    Vulnerability from nvd – Published: 2024-02-05 20:43 – Updated: 2024-08-01 18:26
    Title
    Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering
    Summary
    Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Impacted products
    Vendor Product Version
    HashiCorp Boundary Affected: 0.8.0 , < 0.15.0 (semver)
    HashiCorp Boundary Enterprise Affected: 0.8.0 , < 0.15.0 (semver)
    hashicorp boundary Affected: 0.8.0 , < 0.15.0 (semver)
        cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*
    hashicorp boundary_enterprise Affected: 0.8.0 , < 0.15.0 (semver)
        cpe:2.3:a:hashicorp:boundary_enterprise:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "boundary",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThan": "0.15.0",
                    "status": "affected",
                    "version": "0.8.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:boundary_enterprise:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "boundary_enterprise",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThan": "0.15.0",
                    "status": "affected",
                    "version": "0.8.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T17:48:37.020420Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T17:52:35.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "x86",
                "ARM",
                "64 bit",
                "32 bit"
              ],
              "product": "Boundary",
              "repo": "https://github.com/hashicorp/boundary",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "0.15.0",
                  "status": "affected",
                  "version": "0.8.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "x86",
                "ARM",
                "64 bit",
                "32 bit"
              ],
              "product": "Boundary Enterprise",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "0.15.0",
                  "status": "affected",
                  "version": "0.8.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Boundary and Boundary Enterprise (\u201cBoundary\u201d) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application."
                }
              ],
              "value": "Boundary and Boundary Enterprise (\u201cBoundary\u201d) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-593",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-593 Session Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-05T20:43:53.939Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458"
            }
          ],
          "source": {
            "advisory": "HCSEC-2024-02",
            "discovery": "EXTERNAL"
          },
          "title": "Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2024-1052",
        "datePublished": "2024-02-05T20:43:53.939Z",
        "dateReserved": "2024-01-29T20:35:33.313Z",
        "dateUpdated": "2024-08-01T18:26:30.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-7776 (GCVE-0-2026-7776)

    Vulnerability from cvelistv5 – Published: 2026-05-04 21:34 – Updated: 2026-05-05 14:14
    Title
    Boundary Workers Vulnerable to Denial of Service During TLS Handshake
    Summary
    Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, causing worker connection handling to block. This may prevent legitimate worker connections from being accepted or routed. This vulnerability, CVE-2026-7776, is fixed in Boundary 0.21.3, 0.20.3, 0.19.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Impacted products
    Vendor Product Version
    HashiCorp Boundary Affected: 0.9.0 , < 0.21.3 (semver)
    HashiCorp Boundary Enterprise Affected: 0.9.0 , < 0.21.3 (semver)
    Credits
    This issue was identified by the Boundary Engineering team.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7776",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-05T13:20:57.356797Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-05T14:14:05.799Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Boundary",
              "repo": "https://github.com/hashicorp/boundary",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0.19.5",
                      "status": "unaffected"
                    },
                    {
                      "at": "0.20.3",
                      "status": "unaffected"
                    },
                    {
                      "at": "0.21.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "0.21.3",
                  "status": "affected",
                  "version": "0.9.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Boundary Enterprise",
              "repo": "https://github.com/hashicorp/boundary",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0.19.5",
                      "status": "unaffected"
                    },
                    {
                      "at": "0.20.3",
                      "status": "unaffected"
                    },
                    {
                      "at": "0.21.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "0.21.3",
                  "status": "affected",
                  "version": "0.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was identified by the Boundary Engineering team."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBoundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, causing worker connection handling to block. This may prevent legitimate worker connections from being accepted or routed. This vulnerability, CVE-2026-7776, is fixed in Boundary 0.21.3, 0.20.3, 0.19.5.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "Boundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, causing worker connection handling to block. This may prevent legitimate worker connections from being accepted or routed. This vulnerability, CVE-2026-7776, is fixed in Boundary 0.21.3, 0.20.3, 0.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-227",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-227: Sustained Client Engagement"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-04T21:36:18.758Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2026-11-boundary-workers-vulnerable-to-denial-of-service-during-tls-handshake"
            }
          ],
          "source": {
            "advisory": "HCSEC-2026-11",
            "discovery": "INTERNAL"
          },
          "title": "Boundary Workers Vulnerable to Denial of Service During TLS Handshake"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2026-7776",
        "datePublished": "2026-05-04T21:34:10.975Z",
        "dateReserved": "2026-05-04T15:10:16.232Z",
        "dateUpdated": "2026-05-05T14:14:05.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-12289 (GCVE-0-2024-12289)

    Vulnerability from cvelistv5 – Published: 2024-12-12 22:42 – Updated: 2024-12-13 19:35
    Title
    Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
    Summary
    Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process. This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-460 - Improper Cleanup on Thrown Exception
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Boundary Affected: 0.8.0 , < 0.18.2 (semver)
    HashiCorp Boundary Enterprise Affected: 0.8.0 , < 0.18.2 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12289",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-13T19:32:38.200931Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-13T19:35:10.676Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Boundary",
              "repo": "https://github.com/hashicorp/boundary",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0.16.4",
                      "status": "unaffected"
                    },
                    {
                      "at": "0.17.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "0.18.2",
                  "status": "affected",
                  "version": "0.8.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Boundary Enterprise",
              "repo": "https://github.com/hashicorp/boundary",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0.16.4",
                      "status": "unaffected"
                    },
                    {
                      "at": "0.17.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "0.18.2",
                  "status": "affected",
                  "version": "0.8.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBoundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process.\n\nThis vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "Boundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process.\n\nThis vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-227",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-227: Sustained Client Engagement"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-460",
                  "description": "CWE-460: Improper Cleanup on Thrown Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-12T22:42:01.595Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2024-28-boundary-controller-incorrectly-handles-http-requests-on-initialization-which-may-lead-to-a-denial-of-service"
            }
          ],
          "source": {
            "advisory": "HCSEC-2024-28",
            "discovery": "INTERNAL"
          },
          "title": "Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2024-12289",
        "datePublished": "2024-12-12T22:42:01.595Z",
        "dateReserved": "2024-12-05T22:09:25.315Z",
        "dateUpdated": "2024-12-13T19:35:10.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1052 (GCVE-0-2024-1052)

    Vulnerability from cvelistv5 – Published: 2024-02-05 20:43 – Updated: 2024-08-01 18:26
    Title
    Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering
    Summary
    Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Boundary Affected: 0.8.0 , < 0.15.0 (semver)
    HashiCorp Boundary Enterprise Affected: 0.8.0 , < 0.15.0 (semver)
    hashicorp boundary Affected: 0.8.0 , < 0.15.0 (semver)
        cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*
    hashicorp boundary_enterprise Affected: 0.8.0 , < 0.15.0 (semver)
        cpe:2.3:a:hashicorp:boundary_enterprise:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "boundary",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThan": "0.15.0",
                    "status": "affected",
                    "version": "0.8.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:boundary_enterprise:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "boundary_enterprise",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThan": "0.15.0",
                    "status": "affected",
                    "version": "0.8.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T17:48:37.020420Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T17:52:35.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "x86",
                "ARM",
                "64 bit",
                "32 bit"
              ],
              "product": "Boundary",
              "repo": "https://github.com/hashicorp/boundary",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "0.15.0",
                  "status": "affected",
                  "version": "0.8.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "x86",
                "ARM",
                "64 bit",
                "32 bit"
              ],
              "product": "Boundary Enterprise",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "0.15.0",
                  "status": "affected",
                  "version": "0.8.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Boundary and Boundary Enterprise (\u201cBoundary\u201d) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application."
                }
              ],
              "value": "Boundary and Boundary Enterprise (\u201cBoundary\u201d) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-593",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-593 Session Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-05T20:43:53.939Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458"
            }
          ],
          "source": {
            "advisory": "HCSEC-2024-02",
            "discovery": "EXTERNAL"
          },
          "title": "Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2024-1052",
        "datePublished": "2024-02-05T20:43:53.939Z",
        "dateReserved": "2024-01-29T20:35:33.313Z",
        "dateUpdated": "2024-08-01T18:26:30.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }