CVE-2026-2808: CWE-59: Improper Link Resolution Before File Access (Link Following) in HashiCorp Consul
CVE-2026-2808 is a medium-severity vulnerability in HashiCorp Consul versions 1.18.20 up to 1.21.10 and 1.22.4 that allows arbitrary file read due to improper link resolution before file access (CWE-59). The flaw occurs when Consul is configured with Kubernetes authentication, enabling an attacker with high privileges to read sensitive files without user interaction. This vulnerability affects confidentiality but not integrity or availability. It requires network access and high privileges, and it has a CVSS score of 6.
AI Analysis
Technical Summary
CVE-2026-2808 is a vulnerability in HashiCorp Consul and Consul Enterprise versions 1.18.20 through 1.21.10 and 1.22.4 that arises from improper link resolution before file access, classified under CWE-59. This flaw allows an attacker to perform arbitrary file reads when Consul is configured to use Kubernetes authentication. The vulnerability stems from the software following symbolic links insecurely, enabling access to files outside intended directories. Exploitation requires the attacker to have high-level privileges (PR:H) and network access (AV:N), but no user interaction is needed (UI:N). The vulnerability impacts confidentiality by exposing potentially sensitive files, but does not affect integrity or availability. The scope is changed (S:C) because the vulnerability can affect resources beyond the initially intended scope. HashiCorp addressed this issue in subsequent patch releases: 1.18.21, 1.21.11, and 1.22.5. No known exploits are currently reported in the wild, but the presence of this vulnerability in widely used versions of Consul, especially in Kubernetes environments, makes it a significant concern for organizations relying on these configurations.
Potential Impact
The primary impact of CVE-2026-2808 is unauthorized disclosure of sensitive information due to arbitrary file read capabilities. Attackers with high privileges on the network can exploit this vulnerability to access configuration files, credentials, or other sensitive data stored on the Consul server, potentially leading to further compromise of the environment. Since Consul is often used for service discovery and configuration in cloud-native and Kubernetes environments, exposure of such data can undermine the security of entire microservices architectures. Although the vulnerability does not directly affect system integrity or availability, the confidentiality breach can facilitate lateral movement, privilege escalation, or data exfiltration. Organizations with large-scale Kubernetes deployments and those using Consul for critical infrastructure services are at heightened risk, as attackers could leverage this vulnerability to gain insights into internal network configurations and secrets.
Mitigation Recommendations
To mitigate CVE-2026-2808, organizations should immediately upgrade affected Consul versions to the patched releases: 1.18.21, 1.21.11, or 1.22.5. In addition to patching, administrators should audit and restrict Kubernetes authentication configurations to minimize exposure. Implement strict access controls and network segmentation to limit which users and services have high-level privileges capable of exploiting this vulnerability. Employ runtime security monitoring to detect unusual file access patterns or symbolic link traversals within Consul processes. Regularly review Consul server logs for suspicious activity and enforce the principle of least privilege for all Consul and Kubernetes service accounts. Finally, consider using file integrity monitoring solutions to detect unauthorized file reads or modifications in sensitive directories.
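The mitigation paragraph above asks for monitoring of symbolic-link traversal, but the underlying engineering fix for any CWE-59 bug is the same: resolve every link in a requested path and verify that the real target still lies inside the directory the feature is allowed to read from, before opening the file. The following Go program is an added illustration written for this page; it is not Consul's code or HashiCorp's patch, and the root directory, file names and helper names (`ResolveWithin`, `ReadWithin`) are assumptions made for the demo.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrLinkEscape is returned when a requested path, once every symbolic link
// in it has been followed, does not stay inside the permitted root directory.
var ErrLinkEscape = errors.New("path resolves outside the permitted root")

// inside reports whether p (already cleaned and absolute) lies at or below root.
func inside(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

// ResolveWithin turns root/rel into a fully link-resolved absolute path and
// refuses it if resolution leaves root. Hypothetical helper for this page,
// not Consul's code: it shows the check CWE-59 requires before file access.
func ResolveWithin(root, rel string) (string, error) {
	// Resolve the root itself first so later comparisons use real paths
	// (for example a root that is itself reached through a symlink).
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	realRoot, err = filepath.Abs(realRoot)
	if err != nil {
		return "", err
	}

	// Lexical check: reject ".." escapes before touching the filesystem.
	candidate := filepath.Join(realRoot, rel)
	if !inside(realRoot, candidate) {
		return "", ErrLinkEscape
	}

	// Follow every link component, including a final-component symlink,
	// and re-check containment on the real target. This is the step a
	// link-following bug omits.
	resolved, err := filepath.EvalSymlinks(candidate)
	if err != nil {
		return "", err
	}
	if !inside(realRoot, resolved) {
		return "", ErrLinkEscape
	}
	return resolved, nil
}

// ReadWithin reads root/rel only after ResolveWithin has accepted it.
func ReadWithin(root, rel string) ([]byte, error) {
	p, err := ResolveWithin(root, rel)
	if err != nil {
		return nil, err
	}
	return os.ReadFile(p)
}

func main() {
	// Constructed demo layout: root/ok.txt is legitimate; root/link points
	// at a file outside root, the layout a link-following bug would read.
	base, err := os.MkdirTemp("", "cwe59-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	root := filepath.Join(base, "root")
	outside := filepath.Join(base, "outside")
	for _, d := range []string{root, outside} {
		if err := os.MkdirAll(d, 0o755); err != nil {
			panic(err)
		}
	}
	_ = os.WriteFile(filepath.Join(root, "ok.txt"), []byte("allowed\n"), 0o644)
	_ = os.WriteFile(filepath.Join(outside, "secret.txt"), []byte("not for you\n"), 0o600)
	_ = os.Symlink(filepath.Join(outside, "secret.txt"), filepath.Join(root, "link"))

	for _, rel := range []string{"ok.txt", "link", "../outside/secret.txt"} {
		data, err := ReadWithin(root, rel)
		if errors.Is(err, ErrLinkEscape) {
			fmt.Printf("%-24s REFUSED: %v\n", rel, err)
			continue
		}
		if err != nil {
			fmt.Printf("%-24s error: %v\n", rel, err)
			continue
		}
		fmt.Printf("%-24s read %q\n", rel, strings.TrimSpace(string(data)))
	}
}
```

The lexical check alone would pass `link` and `dirlink/secret.txt`, which is exactly the gap CWE-59 describes; only the post-resolution containment check catches them. Note that `EvalSymlinks` followed by `ReadFile` still leaves a small time-of-check to time-of-use window if an attacker can swap the link between the two calls; where that matters, open with `O_NOFOLLOW` or, on recent Linux, `openat2` with `RESOLVE_BENEATH`, so the kernel enforces containment at open time. For detection, the refused requests are worth logging with the requester's identity: repeated `ErrLinkEscape` events from one principal are a strong signal of probing.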
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, Netherlands, Japan, France, India, South Korea
Technical Details
- Data Version: 5.2
- Assigner Short Name: HashiCorp
- Date Reserved: 2026-02-19T15:17:24.550Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69b1faec2f860ef94395a3ac
Added to database: 3/11/2026, 11:29:48 PM
Last enriched: 3/19/2026, 2:32:55 AM
Last updated: 4/11/2026, 2:34:00 PM