MEDIUM SeverityCVSS 3.14.7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2026-5061

Last updated May 12, 2026 · Published May 12, 2026

Description

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) is fixed in consul-template 0.42.0.

Affected products

1 listed

HashiCorp:Tooling

Mappings

CWE

CWE-59

CAPEC

CAPEC-132

Research

Path traversal: how to detect and prevent itPath traversal lets attackers read or write files outside intended directories. Normalise paths, resolve them…

Training

Secure File HandlingUploads, storage, and serving files without opening the door to attackers.

CVE-2026-5061

Description

Affected products

Mappings

Related