Skip to main content

Tooling

2 CVEs product

Monthly

CVE-2026-5061 MEDIUM PATCH This Month

Sandbox path bypass in consul-template before 0.42.0 allows local authenticated users to read files outside the intended sandbox via symlink attack in the file template helper. The vulnerability requires local access and elevated privileges but grants high confidentiality impact. Vendor-released patch available in version 0.42.0.

Authentication Bypass Tooling
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-4660 Go HIGH PATCH GHSA This Week

Arbitrary file read vulnerability in HashiCorp go-getter library versions up to 1.8.5 enables unauthenticated remote attackers to access sensitive files from the target filesystem through specially crafted git operation URLs. The vulnerability permits confidentiality breach without authentication requirements, affecting network-accessible services utilizing the library for repository cloning or fetching operations. Fixed in version 1.8.6; go-getter/v2 branch unaffected. No public exploit identified at time of analysis.

Information Disclosure Hashicorp Tooling
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Sandbox path bypass in consul-template before 0.42.0 allows local authenticated users to read files outside the intended sandbox via symlink attack in the file template helper. The vulnerability requires local access and elevated privileges but grants high confidentiality impact. Vendor-released patch available in version 0.42.0.

Authentication Bypass Tooling
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Arbitrary file read vulnerability in HashiCorp go-getter library versions up to 1.8.5 enables unauthenticated remote attackers to access sensitive files from the target filesystem through specially crafted git operation URLs. The vulnerability permits confidentiality breach without authentication requirements, affecting network-accessible services utilizing the library for repository cloning or fetching operations. Fixed in version 1.8.6; go-getter/v2 branch unaffected. No public exploit identified at time of analysis.

Information Disclosure Hashicorp Tooling
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy