CVE-2026-5061

MEDIUM 4.7

Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

CVSS Score

4.7

EPSS Score

0.0%

EPSS Percentile

0th

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) is fixed in consul-template 0.42.0.

CWE	CWE-59
Vendor	hashicorp
Product	tooling
Published	May 12, 2026
Last Updated	May 12, 2026

Stay Ahead of the Next One

Get instant alerts for hashicorp tooling

Be the first to know when new medium vulnerabilities affecting hashicorp tooling are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

HashiCorp / Tooling

0.1.0 < 0.42.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

discuss.hashicorp.com: https://discuss.hashicorp.com/t/hcsec-2026-12-consul-template-vulnerable-to-sandbox-path-bypass-in-file-helper-through-symlink-attack/77414

Credits

This issue was reported to HashiCorp by Mohamed Abdelaal (0xmrma).