PT-2026-24892 · Hashicorp · Hashicorp Consul Enterprise+1

Defang Bo

Publicado

2026-03-11

Atualizado

2026-03-25

CVE-2026-2808

CVSS v3.1

6.8

Média

Vetor

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions HashiCorp Consul versions 1.18.20 through 1.21.10 HashiCorp Consul version 1.22.4 HashiCorp Consul Enterprise versions 1.18.20 through 1.21.10 HashiCorp Consul Enterprise version 1.22.4

Description HashiCorp Consul and Consul Enterprise are susceptible to an arbitrary file read issue when configured with Kubernetes authentication. The issue allows unauthorized access to files. The vulnerability is related to the vault kubernetes authentication provider.

Recommendations Versions 1.18.20 through 1.21.10: Upgrade to version 1.18.21 or 1.21.11. Version 1.22.4: Upgrade to version 1.22.5.

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

BDU:2026-06157

BIT-CONSUL-2026-2808

CVE-2026-2808

GHSA-CPFQ-66P2-336J

GO-2026-4690

SUSE-SU-2026:1042-1

Produtos afetados

Hashicorp Consul

Hashicorp Consul Enterprise

PT-2026-24892 · Hashicorp · Hashicorp Consul Enterprise+1

CVE-2026-2808

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 145