GHSA-5WRP-CWCJ-Q835 vulnerabilities

Vulnerabilities for packages: kgateway, kiali, gitlab-pages-fips, crossplane-fips, dapr, cloud-provider-azure-fips, ansible-operator-fips, boring-registry, gitlab-operator-fips, kots, aws-iam-authenticator, docker-compose-fips, azurefile-csi-fips, cluster-api-azure-controller-fips, gitlab-cng-fip...

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: kgateway, kiali, gitlab-pages-fips, crossplane-fips, dapr, cloud-provider-azure-fips, ansible-operator-fips, boring-registry, gitlab-operator-fips, kots, aws-iam-authenticator, docker-compose-fips, azurefile-csi-fips, cluster-api-azure-controller-fips, gitlab-cng-fip...

HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data,...

HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting

HashiCorp Consul and Consul Enterprise up to version 1.9.4 are vulnerable to cross-site scripting via the key-value KV raw mode. id: CVE-2020-25864 info: name: HashiCorp Consul/Consul Enterprise =1.9.4 - Cross-Site Scripting author: c-sh0 severity: medium description: | HashiCorp Consul and Consu...

GHSA-CP6G-7HQX-QXHP vulnerabilities

Vulnerabilities for packages: migrate, splunk-otel-collector, bento, promxy, tetragon, dapr, consul-k8s, external-secrets-operator, cilium, datadog-agent, ksops, terraform-provider-pagerduty, grafana-pyroscope, wal-g, slsa-verifier, grafana-agent-operator, ratify, weaviate, grafana-mimir, cortex,...

CVE-2026-2303 vulnerabilities

Vulnerabilities for packages: migrate, splunk-otel-collector, bento, promxy, tetragon, dapr, consul-k8s, external-secrets-operator, cilium, datadog-agent, ksops, terraform-provider-pagerduty, grafana-pyroscope, wal-g, slsa-verifier, grafana-agent-operator, ratify, weaviate, grafana-mimir, cortex,...

CVE-2026-5061

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...

SUSE CVE-2025-11374

Consul and Consul Enterprise's “Consul” key/value endpoint is vulnerable to denial of service DoS due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...

SUSE CVE-2025-11375

Consul and Consul Enterprise's “Consul” event endpoint is vulnerable to denial of service DoS due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...

CVE-2026-27172

A flaw was found in the camel-consul component of Apache Camel. An attacker with write access to the Consul Key-Value KV store could inject a malicious serialized Java object. When Apache Camel's ConsulRegistry deserializes this object, it can lead to arbitrary code execution within the Camel...

GHSA-FQW6-GF59-QR4W vulnerabilities

Vulnerabilities for packages: containerd, docker-cli-buildx, helm, docker-compose, headlamp, kots, k8ssandra-client, newrelic-infrastructure-agent, spegel, teleport, kargo, kaniko, tw, wolfictl, xeol, gatekeeper, consul-k8s, helm-operator, zarf, trivy-operator, trivy, dagger, envoy-gateway,...

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: containerd, docker-cli-buildx, helm, docker-compose, headlamp, kots, k8ssandra-client, newrelic-infrastructure-agent, spegel, teleport, kargo, kaniko, tw, wolfictl, xeol, gatekeeper, consul-k8s, helm-operator, zarf, trivy-operator, trivy, dagger, envoy-gateway,...

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: trivy, newrelic-infrastructure-agent, helm-operator-fips, spegel-fips, grype, chaos-mesh-fips, k9s, grype-fips, skaffold-fips, helm-operator, osv-scanner, kube-arangodb, scorecard, kots, k8ssandra-client, trivy-fips, newrelic-infrastructure-agent-fips,...

SUSE SLES15 Security Update : zypper-docker (SUSE-SU-2026:1951-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1951-1 advisory. This update for zypper-docker fixes the following issues - CVE-2026-2808: github.com/hashicorp/consul: unvalidated user-supplied fi...

CLEANSTART-2026-GP85500 Security fixes for ghsa-mh2q-q3fh-2475 applied in versions: 1.22.7-r0

Security vulnerability affects the consul-fips package. This issue is resolved in later releases. See references for vulnerability details...

BIT-CONSUL-2026-5061 Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...

EUVD-2026-29483

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...

CVE-2026-5061

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...

Security Bulletin: Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

Summary The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0. Vulnerability Details CVEID:CVE-2026-5061 DESCRIPTION:...

CVE-2026-5061 Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...