The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) is fixed in consul-template 0.42.0.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5061.json",
"cna_assigner": "HashiCorp",
"cwe_ids": [
"CWE-59"
]
}