216.73.217.176

CVE-2026-2808

· Published 12/03/2026 00:16 · Modified 12/03/2026 21:07

Labels: CVE-2026-2808 2026-03-12CVE-2026-2808CWE-59[email protected]

Essential information

Published
12/03/2026 00:16
Modified
12/03/2026 21:07
Author
Creator
CVSS
6.8 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CVSS metrics

Description

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
hashicorp / consul cpe:2.3:a:hashicorp:consul:1.18.20-1.21.10:*:*:*:*:*:*:*
hashicorp / consul enterprise cpe:2.3:a:hashicorp:consul_enterprise:1.18.20-1.21.10:*:*:*:*:*:*:*
hashicorp / consul cpe:2.3:a:hashicorp:consul:1.22.4:*:*:*:*:*:*:*
hashicorp / consul enterprise cpe:2.3:a:hashicorp:consul_enterprise:1.22.4:*:*:*:*:*:*:*

References