CVE-2026-14361 in consul-templateinfo

Summary

by MITRE • 07/08/2026

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability (CVE-2026-14361) is fixed in consul-template 0.42.1.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/08/2026

The consul-template library presents a critical path traversal vulnerability through its writeToFile template helper function, which can be exploited to manipulate file system operations beyond intended boundaries. This flaw allows attackers to redirect template output to arbitrary locations on the target system or overwrite existing files with malicious content, potentially compromising the integrity and confidentiality of sensitive data managed by consul-template deployments.

The technical implementation of this vulnerability stems from insufficient input validation within the writeToFile helper function that processes template outputs. When consul-template renders templates containing file operations, the helper does not properly sanitize or validate the target file paths provided in the template directives. This weakness enables attackers who can influence template content to specify absolute paths or manipulate relative paths through directory traversal sequences such as ../ or ..\, allowing them to write files outside designated directories intended for template output.

The operational impact of this vulnerability extends beyond simple file system manipulation to potentially enable more sophisticated attack vectors within consul-template environments. An attacker exploiting this issue could overwrite critical configuration files, inject malicious content into existing templates, or create new files in privileged locations that might be executed by the consul-template process or other system components. This risk becomes particularly severe in containerized environments where consul-template might run with elevated privileges or in scenarios where template inputs are sourced from untrusted external parties.

Security practitioners should implement immediate mitigations including upgrading to consul-template version 0.42.1 or later, which contains the necessary patch for this vulnerability. Additionally, organizations should review their template deployment practices to ensure that template inputs are properly sanitized and validated before processing, particularly when templates originate from external sources or user-provided content. The vulnerability aligns with CWE-23 Path Traversal and is classified under ATT&CK technique T1059 Command and Scripting Interpreter, specifically targeting file system manipulation through templating systems.

Organizations utilizing consul-template should also consider implementing additional security controls such as restricting file system access permissions for consul-template processes, monitoring for unusual file system operations, and establishing secure template management practices that prevent unauthorized modification of template content. The fix in version 0.42.1 addresses the core path validation issue by implementing proper path sanitization and ensuring that all file operations occur within intended directory boundaries, thereby preventing unauthorized file system access patterns that could lead to privilege escalation or data compromise.

Responsible

HashiCorp

Reservation

07/01/2026

Disclosure

07/08/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!