Path Redirection Vulnerability in Consul-Template by HashiCorp
CVE-2026-14361
4.7MEDIUM
What is CVE-2026-14361?
The Consul-Template library prior to version 0.42.1 contains a vulnerability that allows malicious users to exploit a path redirection issue in the writeToFile template helper. This flaw can lead to the output of templates being written outside of the designated directory or overwriting existing files, potentially compromising system integrity and security. It is crucial for users to update to Consul-Template version 0.42.1 or later to mitigate this risk.
Affected Version(s)
Tooling 64 bit 0.1.0 < 0.42.1
References
CVSS V3.1
Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was reported to HashiCorp by Mohamed Abdelaal (0xmrma).