Description
HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.
Published: 2026-03-11
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Read
Action: Apply Patch
AI Analysis

Impact

HashiCorp Consul and Consul Enterprise are affected by a Path Traversal vulnerability (CWE-59) in the Vault Kubernetes authentication provider. The flaw allows an authenticated attacker to craft requests that result in reading arbitrary files from the host filesystem, potentially exposing sensitive configuration data, credentials, or other confidential information. This vulnerability directly compromises confidentiality and could be leveraged as a foothold for further exploitation.

Affected Systems

Affected are HashiCorp Consul and Consul Enterprise versions 1.18.20 through 1.21.10 and 1.22.4. Any deployment using these versions with Kubernetes authentication enabled is vulnerable. The issue has been fixed in Consul releases 1.18.21, 1.21.11, and 1.22.5 and later.
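A version check that encodes the affected set exactly as stated above, added here as an example; it is not OpenCVE's or HashiCorp's code. It assumes that a release at or above the fixed release on its own minor line (1.18.21, 1.18.22, ...) is fixed even though the literal range "1.18.20 up to 1.21.10" would numerically contain it, and that `consul version` prints a first line like `Consul v1.21.10+ent` (constructed sample; verify against your own binary).

```python
import re
from typing import Tuple

Version = Tuple[int, int, int]

# Affected set exactly as the advisory states it: 1.18.20 up to 1.21.10 (inclusive) and 1.22.4.
AFFECTED_LOW: Version = (1, 18, 20)
AFFECTED_HIGH: Version = (1, 21, 10)
AFFECTED_SINGLE = {(1, 22, 4)}
# Releases the advisory names as fixed, one per maintained minor line.
FIXED = {(1, 18, 21), (1, 21, 11), (1, 22, 5)}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[+-][0-9A-Za-z.]+)?$")


def parse_version(text: str) -> Version:
    """Parse '1.21.10', 'v1.21.10' or '1.21.10+ent' (Enterprise suffix) into (major, minor, patch)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Consul version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected_version(text: str) -> bool:
    """True if the release is in the advisory's affected set.

    Assumption: a release at or above the fixed release on its own minor line
    (1.18.21, 1.18.22, ...) is fixed, even though the literal range
    '1.18.20 up to 1.21.10' would numerically contain it.
    """
    v = parse_version(text)
    if any(v[:2] == fix[:2] and v >= fix for fix in FIXED):
        return False
    return AFFECTED_LOW <= v <= AFFECTED_HIGH or v in AFFECTED_SINGLE


def is_exposed(version_text: str, kubernetes_auth_enabled: bool) -> bool:
    """The advisory scopes the issue to deployments with Kubernetes authentication configured."""
    return kubernetes_auth_enabled and is_affected_version(version_text)


def version_from_cli_output(output: str) -> str:
    """Pull the version token from the first line of `consul version` output
    (assumed to look like 'Consul v1.21.10+ent'; constructed format)."""
    m = re.search(r"v?\d+\.\d+\.\d+(?:\+ent)?", output.strip().splitlines()[0])
    if not m:
        raise ValueError("no version found in consul output")
    return m.group(0)


if __name__ == "__main__":
    SAMPLE_OUTPUT = "Consul v1.21.10+ent\nRevision 0000000\n"  # constructed sample
    print(is_exposed(version_from_cli_output(SAMPLE_OUTPUT), kubernetes_auth_enabled=True))  # True
```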

Risk and Exploitability

The vulnerability has a CVSS v3.1 score of 6.8 (Medium) and an EPSS score below 1%, indicating a low probability of widespread exploitation. It does not appear in the CISA KEV catalog. Based on the description, the likely attack vector requires access to the Vault Kubernetes authentication interface; an attacker must be able to send specially crafted requests that bypass proper path validation to read unintended files.

Generated by OpenCVE AI on March 17, 2026 at 15:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade HashiCorp Consul to version 1.18.21, 1.21.11, 1.22.5, or later
  • Confirm that all Consul instances are fully patched and no older versions remain in the environment
  • Review and restrict access to the Vault Kubernetes authentication API to trusted administrators only
  • Test that file read functionality is no longer exposed after upgrade

Advisories

Source: GitHub GHSA
ID: GHSA-cpfq-66p2-336j
Title: Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication

History

Fri, 13 Mar 2026 00:15:00 +0000
  References: (values not shown)
  Metrics (threat_severity): removed None; added Moderate

Thu, 12 Mar 2026 14:15:00 +0000
  Metrics (ssvc), added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 10:15:00 +0000
  First Time appeared, added: Hashicorp; Hashicorp consul; Hashicorp consul Enterprise
  Vendors & Products, added: Hashicorp; Hashicorp consul; Hashicorp consul Enterprise

Wed, 11 Mar 2026 23:30:00 +0000
  Description, added: HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.
  Title, added: Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider
  Weaknesses, added: CWE-59
  References: (values not shown)
  Metrics (cvssV3_1), added: {'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published:

Updated: 2026-03-12T13:28:26.972Z

Reserved: 2026-02-19T15:17:24.550Z

Link: CVE-2026-2808

Vulnrichment

Updated: 2026-03-12T13:28:22.607Z

NVD

Status: Awaiting Analysis

Published: 2026-03-12T00:16:11.770

Modified: 2026-03-12T21:07:53.427

Link: CVE-2026-2808

Red Hat

Severity: Moderate

Public Date: 2026-03-11T23:08:32Z

Links: CVE-2026-2808 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-20T15:36:38Z

Weaknesses