{"id":"GO-2026-4690","summary":"Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication in github.com/hashicorp/consul","details":"Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication in github.com/hashicorp/consul","aliases":["BIT-consul-2026-2808","CVE-2026-2808","GHSA-cpfq-66p2-336j"],"modified":"2026-03-16T18:56:06.482800Z","published":"2026-03-16T18:33:12Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2026-4690"},"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-cpfq-66p2-336j"},{"type":"WEB","url":"https://discuss.hashicorp.com/t/hcsec-2026-02-consul-vulnerable-to-arbitrary-file-reads-through-the-vault-kubernetes-authentication-provider/77232"}],"affected":[{"package":{"name":"github.com/hashicorp/consul","ecosystem":"Go","purl":"pkg:golang/github.com/hashicorp/consul"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.22.5"}]}],"ecosystem_specific":{"custom_ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.18.21"},{"introduced":"1.19.0"},{"fixed":"1.21.11"},{"introduced":"1.22.0-rc1"},{"fixed":"1.22.5"}]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4690.json"}}],"schema_version":"1.7.5"}