CVE-2026-7776

Published May 4, 2026

Last updated 2 months ago

CVSS high 7.5
API

Overview

Description
Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, causing worker connection handling to block. This may prevent legitimate worker connections from being accepted or routed. This vulnerability, CVE-2026-7776, is fixed in Boundary 0.21.3, 0.20.3, 0.19.5.
Source
security@hashicorp.com
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

security@hashicorp.com
CWE-770

Social media

Hype score
Not currently trending

Related CVEs

  1. Nx Console Embedded Malicious Code VulnerabilityCVE-2026-48027
  2. Microsoft Defender Denial of Service VulnerabilityCVE-2026-45498
  3. Microsoft Defender Link Following VulnerabilityCVE-2026-41091
  4. WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config_file endpoint to achieve remote code execution on the server.CVE-2021-47933
  5. A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.CVE-2026-7738

References

Sources include official advisories and independent security research.