๐Ÿ” CVE Alert

CVE-2026-14361

MEDIUM 4.7

Consul-template is vulnerable to path redirection in writeToFile through symlink attack

CVSS Score
4.7
EPSS Score
0.0%
EPSS Percentile
0th

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability (CVE-2026-14361) is fixed in consul-template 0.42.1.

CWE CWE-59
Vendor hashicorp
Product tooling
Published Jul 8, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for hashicorp tooling

Be the first to know when new medium vulnerabilities affecting hashicorp tooling are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

HashiCorp / Tooling
0.1.0 < 0.42.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
discuss.hashicorp.com: https://discuss.hashicorp.com/t/hcsec-2026-20-consul-template-vulnerable-to-path-redirections-in-writetofile/77559

Credits

This issue was reported to HashiCorp by Mohamed Abdelaal (0xmrma).