VYPR
Moderate severity · NVD Advisory · Published Mar 11, 2026 · Updated Apr 17, 2026

Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider

CVE-2026-2808

Description

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

HashiCorp Consul is vulnerable to arbitrary file read via the Vault Kubernetes auth provider, allowing an attacker with operator write permissions to exfiltrate sensitive files from the Consul server host.

Vulnerability

Overview

CVE-2026-2808 describes an arbitrary file read vulnerability in HashiCorp Consul and Consul Enterprise when configured with Kubernetes authentication [1][3]. The root cause lies in the Connect CA provider's use of the Vault Kubernetes authentication method. The provider reads a ServiceAccount token from a file path specified by the token_path configuration parameter. An attacker with operator write permission can set token_path to any file on the Consul server node, causing the file contents to be returned as JWT data and sent to Vault as part of the authentication request [3].

Exploitation

Prerequisites

To exploit this vulnerability, an attacker must have operator write permissions within the Consul cluster. With these privileges, they can modify the token_path setting to point to an arbitrary file, such as /etc/shadow or other sensitive system files. The file contents are then exfiltrated through the Kubernetes authentication request to Vault, allowing the attacker to retrieve the data [3].

Impact

Successful exploitation leads to arbitrary file read from the Consul server host, potentially exposing sensitive information like configuration files, secrets, or system files. This can result in further compromise of the infrastructure [1][3].

Mitigation

HashiCorp has released patches in Consul 1.18.21, 1.21.11, and 1.22.5 that restrict token_path to a defined subset of directories, preventing arbitrary file reads [1][3][4]. Users should upgrade to these versions or later. No workarounds are available.
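The fix described above restricts token_path to a defined set of directories. The following is an added illustration of that kind of check, not Consul's own code: the allowed directories, the function name ValidateTokenPath and the sample paths are all assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Hypothetical allowlist of directories from which a Kubernetes
// ServiceAccount token may be read. The directories are assumed for
// illustration and are not taken from Consul's implementation.
var allowedTokenDirs = []string{
	"/var/run/secrets/kubernetes.io/serviceaccount",
	"/var/run/secrets/tokens",
}

var ErrTokenPathNotAllowed = errors.New("token_path is outside the allowed directories")

// ValidateTokenPath returns the cleaned path when it lies under one of
// allowedTokenDirs and an error otherwise. Relative paths are rejected and
// ".." segments are collapsed by filepath.Clean before the prefix check, so
// traversal cannot escape the allowlist. Symlinks inside an allowed directory
// still need filepath.EvalSymlinks against the real filesystem (caller's job).
func ValidateTokenPath(tokenPath string) (string, error) {
	if tokenPath == "" {
		return "", errors.New("token_path must not be empty")
	}
	if !filepath.IsAbs(tokenPath) {
		return "", fmt.Errorf("token_path %q must be absolute", tokenPath)
	}
	clean := filepath.Clean(tokenPath)
	for _, dir := range allowedTokenDirs {
		// Require a separator after the directory so that a sibling such as
		// "/var/run/secrets/tokens-other/x" does not match "/var/run/secrets/tokens".
		if strings.HasPrefix(clean, dir+string(filepath.Separator)) {
			return clean, nil
		}
	}
	return "", fmt.Errorf("%w: %s", ErrTokenPathNotAllowed, clean)
}

func main() {
	// Constructed sample inputs: a valid token path, a traversal attempt, an unrelated file.
	for _, p := range []string{"/var/run/secrets/tokens/vault/token", "/var/run/secrets/tokens/../../../etc/hostname", "/etc/hostname"} {
		clean, err := ValidateTokenPath(p)
		fmt.Printf("%-48s -> %q, %v\n", p, clean, err)
	}
}
```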

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                        Ecosystem   Affected versions          Patched versions
github.com/hashicorp/consul    Go          < 1.18.21                  1.18.21
github.com/hashicorp/consul    Go          >= 1.22.0-rc1, < 1.22.5    1.22.5
github.com/hashicorp/consul    Go          >= 1.19.0, < 1.21.11       1.21.11
