Vault v2.0.3 released on 17-06-2026

Vault v2.0.3 is out now. Security-minded users and enterprise customers benefit from targeted hardening around authentication, token handling and template escaping, plus new beta AI agent support for JWT-based access.
See the release notes on the project’s GitHub for full details, upgrade guidance and the complete changelog.
What’s in this release
- Security hardening: auth/radius gains a case_insensitive_names toggle to avoid username collisions; core now uses constant-time comparison for recovery tokens; secrets/spiffe templates and transform (enterprise) now apply proper escaping and DB-specific quoting.
- AI Agent Support (Beta, Enterprise): an Agent Registry and support for Vault as an OAuth resource server so OAuth 2.0 JWTs can directly authorise requests for registered agents.
- Path and ACL behaviour changes: LIST requests with a trailing slash now correctly honour more-specific deny policies (which may change previous outcomes); Vault will redirect non-canonical paths containing /./, /../ or // to a cleaned path instead of rejecting them.
Upgrade notes
- Policies relying on the previous incorrect LIST behaviour may now be denied; review and test any policies that match patterns like
kv/*and verify LIST operations in a staging environment. - No rollback guidance is included in the release notes; ensure you have backups and test upgrades (including enterprise plugins and integrations) before applying to production.
Tell us how the upgrade went or report any surprises you hit while testing v2.0.3 — community feedback helps surface issues others will hit.


