BIT-consul-2026-2808

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/consul/BIT-consul-2026-2808.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-consul-2026-2808

Aliases

Published

2026-03-13T09:02:37.072Z

Modified

2026-03-16T18:56:06.482800Z

Summary

Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider

Details

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:go:*:*",
        "cpe:2.3:a:hashicorp:consul:*:*:*:*:community:go:*:*"
    ]
}

References

Affected packages

Bitnami / consul

Package

Name: consul
Purl: pkg:bitnami/consul

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.22.5

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/consul/BIT-consul-2026-2808.json"