Skip to main content

consul-template CVE-2026-5061

| EUVDEUVD-2026-29483 MEDIUM
Improper Link Resolution Before File Access (CWE-59)
2026-05-12 HashiCorp GHSA-m633-g3vp-7qw3
4.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch available
May 12, 2026 - 16:02 EUVD
Analysis Generated
May 12, 2026 - 15:30 vuln.today
CVE Published
May 12, 2026 - 13:58 nvd
MEDIUM 4.7

DescriptionCVE.org

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) is fixed in consul-template 0.42.0.

AnalysisAI

Sandbox path bypass in consul-template before 0.42.0 allows local authenticated users to read files outside the intended sandbox via symlink attack in the file template helper. The vulnerability requires local access and elevated privileges but grants high confidentiality impact. Vendor-released patch available in version 0.42.0.

Technical ContextAI

consul-template is a HashiCorp tool that manages template rendering using data from Consul. The file template helper function implements a sandbox mechanism intended to restrict file access to a designated directory. The vulnerability exploits improper handling of symlinks (CWE-59: Improper Link Resolution Before File Access, a.k.a. 'link following' or 'symlink race') in the file helper, allowing an authenticated local user to bypass sandbox restrictions by crafting symlink paths that traverse outside the sandbox boundary. The CPE identifies the HashiCorp tooling product suite, and the specific vulnerability affects the templating library's file access control logic.

RemediationAI

Upgrade consul-template to version 0.42.0 or later immediately. This is the vendor-released patch that resolves the symlink-based sandbox bypass. Organizations unable to upgrade immediately should restrict local user access to systems running consul-template and disable file template helper functionality if not required for operations. Additionally, enforce strict filesystem permissions to prevent untrusted users from creating symlinks in directories where templates are rendered or where template input files are stored. Monitor template execution logs for suspicious file access patterns or symlink traversal attempts. Note that restricting the file helper may impact template functionality, so coordinate with application teams before implementing this control.

Share

CVE-2026-5061 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy