CVE-2026-14361
Consul-template is vulnerable to path redirection in writeToFile through symlink attack
CVSS Score
4.7
EPSS Score
0.0%
EPSS Percentile
0th
The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability (CVE-2026-14361) is fixed in consul-template 0.42.1.
| CWE | CWE-59 |
| Vendor | hashicorp |
| Product | tooling |
| Published | Jul 8, 2026 |
| Last Updated | Jul 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for hashicorp tooling
Be the first to know when new medium vulnerabilities affecting hashicorp tooling are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
HashiCorp / Tooling
0.1.0 < 0.42.1
References
Credits
This issue was reported to HashiCorp by Mohamed Abdelaal (0xmrma).