Consul
This hub aggregates every CVE we track for Consul, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 37
- Critical: 1
- High: 20
- In CISA KEV: 0
Severity distribution
HIGH: 20, MEDIUM: 16, CRITICAL: 1
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Consul.
- CVE-2026-2808: Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider (6.8)
- CVE-2025-11374: Consul's KV endpoint is vulnerable to denial of service (6.5)
- CVE-2025-11375: Consul's event endpoint is vulnerable to denial of service (6.5)
- CVE-2024-10086: Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation (6.1)
- CVE-2024-10006: Consul L7 Intentions Vulnerable To Headers Bypass (8.3)
- CVE-2024-10005: Consul L7 Intentions Vulnerable To URL Path Bypass (8.1)
- CVE-2023-5332: Dependency on Vulnerable Third-Party Component in GitLab (5.9)
- CVE-2023-3518: JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access (7.4)
- CVE-2023-1297: Consul Cluster Peering can Result in Denial of Service (4.9)
- CVE-2023-2816: Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner (8.7)
- CVE-2023-0845: Consul Server Panic when Ingress and API Gateways Configured with Peering (4.9)
- CVE-2022-3920: Consul Peering Imported Nodes/Services Leak (5.3)
- CVE-2022-40716: HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to byp... (6.5)
- CVE-2021-41803: HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed i... (7.1)
- CVE-2022-29153: HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints.... (7.5)
Product normalization is registry-driven with AI assist and human review.