CVE-2026-2808

Published: Mar 12, 2026 Last Modified: Mar 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: high

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0006

Percentile

0,2th

Updated

EPSS Score Trend (Last 5 Days)

Improper Link Resolution Before File Access ('Link Following')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control Other

Potential Impacts:

Read Files Or Directories Modify Files Or Directories Bypass Protection Mechanism Execute Unauthorized Code Or Commands

Applicable Platforms

Operating Systems: Windows, Unix

Likelihood of Exploit: Medium

View CWE Details

https://discuss.hashicorp.com/t/hcsec-2026-02-consul-vulner…

https://discuss.hashicorp.com/t/hcsec-2026-02-consul-vulnerable-to-arbitrary-fi…

CVE-2026-2808

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 5 Days)

Improper Link Resolution Before File Access ('Link Following')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter