1025 matches found
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-cloudsearch-fips, crossplane-provider-azure-network, velero, cluster-autoscaler, gitlab-rails-ce-fips, k8s-image-swapper, gcp-compute-persistent-disk-csi-driver-fips, seaweedfs, commercial-expanso-edge, crossplane-provider-azure-solutions,...
GHSA-CP6G-7HQX-QXHP vulnerabilities
Vulnerabilities for packages: kyverno, thanos, teleport, cilium, migrate, dapr, consul-k8s, external-secrets-operator, wal-g, bento, splunk-otel-collector, promxy, amazon-cloudwatch-agent, slsa-verifier, grafana-mimir, cortex, trufflehog, vcluster, juicefs, loki, terraform-provider-pagerduty,...
CVE-2026-2303 vulnerabilities
Vulnerabilities for packages: kyverno, thanos, teleport, cilium, migrate, dapr, consul-k8s, external-secrets-operator, wal-g, bento, splunk-otel-collector, promxy, amazon-cloudwatch-agent, slsa-verifier, grafana-mimir, cortex, trufflehog, vcluster, juicefs, loki, terraform-provider-pagerduty,...
CVE-2026-5061
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
SUSE CVE-2025-11374
Consul and Consul Enterprise's “Consul” key/value endpoint is vulnerable to denial of service DoS due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...
SUSE CVE-2025-11375
Consul and Consul Enterprise's “Consul” event endpoint is vulnerable to denial of service DoS due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...
CVE-2026-27172
A flaw was found in the camel-consul component of Apache Camel. An attacker with write access to the Consul Key-Value KV store could inject a malicious serialized Java object. When Apache Camel's ConsulRegistry deserializes this object, it can lead to arbitrary code execution within the Camel...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: trivy-operator, headlamp, docker, envoy-gateway, xeol, fuse-overlayfs-snapshotter, k3s, buildkitd, rancher, dagger, helm, helm-set-status, teleport, tw, consul-k8s, kargo, syft, opa, helm-push, k8sgpt, kots, cluster-api-helm-controller, newrelic-infrastructure-agent,...
GHSA-FQW6-GF59-QR4W vulnerabilities
Vulnerabilities for packages: trivy-operator, headlamp, docker, envoy-gateway, xeol, fuse-overlayfs-snapshotter, k3s, buildkitd, rancher, dagger, helm, helm-set-status, teleport, tw, consul-k8s, kargo, syft, opa, helm-push, k8sgpt, kots, cluster-api-helm-controller, newrelic-infrastructure-agent,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, grype-db, kubescape-operator-fips, envoy-gateway, osv-scanner, rancher-helm, gatekeeper, wolfictl, zarf-fips, datadog-agent, kaniko, neuvector-fips, cluster-api-helm-controller-fips, kubevela, kube-mgmt-fips, grype, ctop, chartmuseum-fips,...
Astra Linux – Vulnerability in Consul
HashiCorp Consul and Consul Enterprise 1.10.1’s Raft RPC layer enables non-server agents with a valid certificate signed by the same CA to access server-only functionalities, allowing for privilege escalation. This feature was fixed in versions 1.8.15, 1.9.9, and 1.10.2...
Astra Linux – Vulnerability in Consul
HashiCorp Consul and Consul Enterprise 1.10.1: The TXN.Apply endpoint allows for the registration of proxies for other services, enabling access to service traffic. This feature was fixed in versions 1.8.15, 1.9.9, and 1.10.2...
Astra Linux – Vulnerability in Consul
The HashiCorp Consul and Consul Enterprise versions up to 1.9.4 had a key-value KV raw mode that was vulnerable to cross-site scripting attacks. This issue was fixed in versions 1.9.5, 1.8.10, and 1.7.14...
SUSE SLES15 Security Update : zypper-docker (SUSE-SU-2026:1951-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1951-1 advisory. This update for zypper-docker fixes the following issues - CVE-2026-2808: github.com/hashicorp/consul: unvalidated user-supplied fi...
CLEANSTART-2026-GP85500 Security fixes for ghsa-mh2q-q3fh-2475 applied in versions: 1.22.7-r0
Security vulnerability affects the consul-fips package. This issue is resolved in later releases. See references for vulnerability details...
BIT-CONSUL-2026-5061 Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
EUVD-2026-29483
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
CVE-2026-5061
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
Security Bulletin: Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
Summary The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0. Vulnerability Details CVEID:CVE-2026-5061 DESCRIPTION:...
CVE-2026-5061 Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...