CVE-2026-5061— Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
Possible ATT&CK Techniques 1AI
T1083 · File and Directory DiscoveryGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-5061
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
Source: NVD (National Vulnerability Database)
Vulnerability Description
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) is fixed in consul-template 0.42.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Source: NVD (National Vulnerability Database)
Vulnerability Title
HashiCorp Tooling 后置链接漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HashiCorp Tooling是美国HashiCorp公司的一系列面向基础设施自动化、云资源管理与安全运维的软件工具。 HashiCorp Tooling 0.42.0之前版本存在后置链接漏洞,该漏洞源于文件模板助手存在沙箱路径绕过,可能导致读取沙箱外文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-5061
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-5061
请登录查看更多情报信息。
Same Patch Batch · HashiCorp · 2026-05-12 · 4 CVEs total
| CVE-2026-7474 | 8.8 HIGH | Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution |
| CVE-2026-6959 | 6.0 MEDIUM | Nomad vulnerable to arbitrary file read/write on client host through symlink attack |
| CVE-2026-8052 | 6.0 MEDIUM | Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through s |
IV. Related Vulnerabilities
Same vendor: HashiCorp
- CVE-2026-7474
Nomad vulnerable to path traversal in dynamic host volume wh - CVE-2026-8052
Nomad's exec2 task driver vulnerable to arbitrary file read/ - CVE-2026-6959
Nomad vulnerable to arbitrary file read/write on client host - CVE-2026-7776
Boundary Workers Vulnerable to Denial of Service During TLS - CVE-2026-5807
Vault Vulnerable to Denial-of-Service via Unauthenticated Ro
Same weakness: CWE-59
- CVE-2026-45539
Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agen - CVE-2026-44471
gitoxide: Symlink prefix-reuse allows worktree escape during - CVE-2026-43998
vm2: NodeVM require.root bypass via symlink traversal allows - CVE-2026-44470
Claude Desktop: Local Privilege Escalation via Directory Jun - CVE-2026-44220
ciguard: discover_pipeline_files follows symlinks out of sca
V. Comments for CVE-2026-5061
No comments yet