What is CVE-2026-5061?

CVE-2026-5061 is a medium-severity vulnerability in Hashicorp Tooling, classified under Improper Link Resolution Before File Access. CVSS score: 4.7/10. Published 2026-05-12.

How severe is CVE-2026-5061?

Medium severity. CVSS v3 base score is 4.7 out of 10.

Vulnerability in Hashicorp Tooling

CVE-2026-5061

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) is fixed in consul-template 0.42.0.

EPSS: 0.000 (7.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Hashicorp Tooling — versions 0.1.0

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

security@hashicorp.com

Frequently asked questions

What is CVE-2026-5061?: CVE-2026-5061 is a medium-severity vulnerability in Hashicorp Tooling, classified under Improper Link Resolution Before File Access. CVSS score: 4.7/10. Published 2026-05-12.
How severe is CVE-2026-5061?: Medium severity. CVSS v3 base score is 4.7 out of 10.