Untriaged
CVE-2026-2808
6.8 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
Consul vulnerable to arbitrary file reads through the Vault Kubernetes authentication provider
HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.
Affected products
Consul
- <1.22.5
Consul Enterprise
- <1.22.5
Matching in nixpkgs
pkgs.consul
Tool for service discovery, monitoring and configuration
pkgs.envconsul
Read and set environmental variables for processes from Consul
pkgs.consul-alerts
Extendable open source continuous integration server
pkgs.consul-template
Generic template rendering and notifications with Consul
pkgs.python312Packages.consul
Python client for Consul (https://www.consul.io/)
pkgs.python313Packages.consul
Python client for Consul (https://www.consul.io/)
pkgs.python314Packages.consul
Python client for Consul (https://www.consul.io/)
pkgs.prometheus-consul-exporter
Prometheus exporter for Consul metrics
pkgs.terraform-providers.consul
None
Package maintainers
- @vdemeester Vincent Demeester <vincent@sbr.pm>
- @techknowlogick techknowlogick <techknowlogick@gitea.com>
- @nh2 Niklas Hambüchen <mail@nh2.me>
- @cpcloud Phillip Cloud
- @hectorj Hector Jusforgues <hector.jusforgues+nixos@gmail.com>
- @desiderius Didier J. Devroye <didier@devroye.name>
- @panicgh Nicolas Benes <nbenes.gh@xandea.de>