11 matches found

OSV
added 2026/03/13 9:2 a.m. · 1 views

BIT-CONSUL-2026-2808 Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8 CVSS · 5.8 AI score · 0.00034 EPSS
Exploits 0 · References 2
EUVD
added 2026/03/12 12:31 a.m. · 4 views

EUVD-2026-11487

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8 CVSS · 5.8 AI score · 0.00034 EPSS
Exploits 0 · References 2
IBM Security Bulletins
added 2026/03/12 12:30 a.m. · 4 views

Security Bulletin: Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider

Summary: HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.
Vulnerability Details: CVEID: CVE-2026-2808...

6.8 CVSS · 5.8 AI score · 0.00034 EPSS
Exploits 0 · Affected Software 1
NVD
added 2026/03/12 12:16 a.m. · 2 views

CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8 CVSS · 0.00034 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/10/30 12:0 a.m. · 3 views

PT-2024-8623 · Hashicorp +4 · Hashicorp Consul +4

Name of the Vulnerable Software and Affected Versions: Consul versions 1.9.0 through 1.20.1
Description: A vulnerability was identified in Consul such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. This issue allows a remote attacker to bypass...

9.9 CVSS · 6.3 AI score · 0.94047 EPSS
Exploits 20 · References 120
OSV
added 2022/09/23 12:15 p.m. · 2 views

UBUNTU-CVE-2022-40716

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2...

6.5 CVSS · 7.1 AI score · 0.00361 EPSS
Exploits 0 · References 4
Positive Technologies
added 2022/09/22 12:0 a.m. · 3 views

PT-2022-11486 · Hashicorp +3 · Hashicorp Consul +3

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul versions 1.8.1 through 1.11.8; HashiCorp Consul version 1.12.4; HashiCorp Consul version 1.13.1
Description: The issue arises from improper validation of node or segment names prior to their interpolation and usage in JWT claim...

8.8 CVSS · 6 AI score · 0.87755 EPSS
Exploits 3 · References 52
Positive Technologies
added 2021/04/20 12:0 a.m. · 2 views

PT-2021-11191 · Hashicorp +2 · Hashicorp Consul +3

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions prior to 1.9.5; HashiCorp Consul and Consul Enterprise versions prior to 1.8.10; HashiCorp Consul and Consul Enterprise versions prior to 1.7.14
Description: The issue concerns a cross-site...

8.8 CVSS · 5.6 AI score · 0.87755 EPSS
Exploits 3 · References 40
Positive Technologies
added 2020/06/11 12:0 a.m. · 2 views

PT-2020-13397 · Hashicorp +1 · Hashicorp Consul +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul versions 1.2.0 through 1.6.5; HashiCorp Consul versions 1.4.3 through 1.7.3
Description: The issue is related to a denial of service vulnerability in the HTTP API and DNS caching feature of HashiCorp Consul and Consul...

7.5 CVSS · 6.5 AI score · 0.01138 EPSS
Exploits 1 · References 29
Positive Technologies
added 2020/06/11 12:0 a.m. · 3 views

PT-2020-13371 · Hashicorp +1 · Hashicorp Consul +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.4.0 through 1.6.5; HashiCorp Consul and Consul Enterprise versions 1.7.0 through 1.7.3
Description: The issue arises from the improper enforcement of scope for local tokens issued by a primary...

7.5 CVSS · 6.5 AI score · 0.01138 EPSS
Exploits 1 · References 29
OSV
added 2019/06/06 5:29 p.m. · 3 views

UBUNTU-CVE-2019-12291

HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured...

7.5 CVSS · 7.1 AI score · 0.0042 EPSS
Exploits 0 · References 3