CVE-2026-2808 Kubernetes — Exploit & Vulnerability Details MEDIUM

CVE-2026-2808

MEDIUM CVSS 3.1: 6.8 EPSS 0.06%

Parameter	Value
CVSS	6.8 (MEDIUM)
Type	CWE-59 (Improper Link Resolution)
Vendor	Kubernetes
Public PoC	No

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-59 Improper Link Resolution

References 1

https://discuss.hashicorp.com/t/hcsec-2026-02-consul-vulnerable-to-arbitrary-fi…

security@hashicorp.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-31890

Kubernetes

4.8

CVE-2026-31866

Kubernetes

7.5

CVE-2026-31892

Kubernetes

8.9

CVE-2026-28229

Kubernetes

9.8

CVE-2026-29773

Kubernetes

4.3

Menu

CVE-2026-2808

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-31890

CVE-2026-31866

CVE-2026-31892

CVE-2026-28229

CVE-2026-29773

CVE Details

Editor's Choice

Menu

CVE-2026-2808

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-31890

CVE-2026-31866

CVE-2026-31892

CVE-2026-28229

CVE-2026-29773

CVE Details

Editor's Choice

Stay informed on cybersecurity