A flaw was found in HashiCorp Vault and Vault Enterprise. This flaw allows a remote attacker to bypass security restrictions caused by an issue when the existing nested-path policies may give access to Namespaces created after the fact. By sending a specially crafted request, an attacker can bypass access restrictions.