Hashicorp Terraform Provider — known CVE vulnerabilities
Every CVE whose affected-product data names Hashicorp Terraform Provider, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2021-30476 — CVSS 9.8 (critical): HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth…
CVE-2025-13357 — CVSS 7.4 (high): Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially…