CVE-2026-14361
Received Received - Intake

Path Redirection in Consul-Template

Vulnerability report for CVE-2026-14361, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: HashiCorp Inc.

Description

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability (CVE-2026-14361) is fixed in consul-template 0.42.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
hashicorp consul-template to 0.42.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability in consul-template before version 0.42.1 allows template output to be written outside the intended directory or to overwrite existing files, which can lead to unauthorized modification or exposure of sensitive data such as keys or certificates.

Such unauthorized data exposure or modification could impact compliance with standards and regulations like GDPR or HIPAA, which require strict controls over the confidentiality and integrity of sensitive information.

Exploitation requires local access and is more severe when consul-template runs with elevated privileges, increasing the risk of non-compliance due to potential data breaches or unauthorized data manipulation.

Upgrading to consul-template version 0.42.1 mitigates this risk and helps maintain compliance by preventing path redirection issues that could lead to data leakage or corruption.

Executive Summary

The consul-template library before version 0.42.1 has a path redirection vulnerability in its writeToFile template helper function. This function writes rendered template content to a local file, but it follows symbolic links and filesystem redirections without verifying the final destination path. An attacker with local access can exploit this by creating or modifying links in the target path, causing the output to be written outside the intended directory or to overwrite existing files.

Impact Analysis

This vulnerability can lead to unauthorized overwriting of files or writing data outside the intended directory, which may result in data corruption or exposure. It is especially dangerous if consul-template runs with elevated privileges or writes sensitive data such as keys or certificates, as an attacker could redirect output to overwrite critical files or place malicious content.

Detection Guidance

This vulnerability involves the writeToFile template helper in consul-template versions before 0.42.1, which may write output outside the intended directory or overwrite existing files by following symbolic links or filesystem redirections.

Detection involves verifying the version of consul-template installed and checking for any unexpected file writes or modifications outside intended directories, especially involving symbolic links.

  • Check the installed consul-template version with the command: consul-template --version
  • Search for symbolic links in directories used by consul-template's writeToFile function, for example: find /path/to/templates -type l -ls
  • Monitor file system changes or unexpected file overwrites in directories where consul-template writes output, using tools like inotifywait or auditd.
Mitigation Strategies

The primary mitigation step is to upgrade consul-template to version 0.42.1 or later, where this vulnerability is fixed.

Additionally, restrict local access to the system to prevent attackers from creating or modifying symbolic links or path components that could be exploited.

Run consul-template with the least privileges necessary to limit the impact of potential exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14361. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart