consul-template <0.42.0 Sandbox Path Bypass via file template helper
CVE-2026-5061 Published on May 12, 2026

Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) is fixed in consul-template 0.42.0.

NVD

Weakness Type

What is an insecure temporary file Vulnerability?

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVE-2026-5061 has been classified to as an insecure temporary file vulnerability or weakness.

Affected Versions

HashiCorp Tooling:

Version 0.1.0 and below 0.42.0 is affected.

consul-template <0.42.0 Sandbox Path Bypass via file template helperCVE-2026-5061 Published on May 12, 2026

Weakness Type

What is an insecure temporary file Vulnerability?

Affected Versions

consul-template <0.42.0 Sandbox Path Bypass via file template helper
CVE-2026-5061 Published on May 12, 2026