VYPR
Moderate severityNVD Advisory· Published Mar 11, 2026· Updated Apr 17, 2026

Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider

CVE-2026-2808

Description

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/consulGo
< 1.18.211.18.21
github.com/hashicorp/consulGo
>= 1.22.0-rc1, < 1.22.51.22.5
github.com/hashicorp/consulGo
>= 1.19.0, < 1.21.111.21.11

Affected products

5

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.