CVE-2025-11374
Published 2025-10-28
Priority P3 | 36 | medium | 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.40% (32.0th percentile)
Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | — | — |
| github.com | hashicorp_consul | >= 0 < 1.22.0 | 1.22.0 |
| hashicorp | consul | < 1.18.12 | 1.18.12 |
| hashicorp | consul | < 1.22.0 | 1.22.0 |
| hashicorp | consul | >= 1.19.0 < 1.20.8 | 1.20.8 |
| hashicorp | consul | >= 1.21.0 < 1.21.6 | 1.21.6 |
| hashicorp | consul_enterprise | < 1.22.0 | 1.22.0 |
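CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| ghsa | — | 6.5 | MEDIUM | — |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |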
OSV
Consul key/value endpoint is vulnerable to denial of service in github.com/hashicorp/consul
osv·2025-11-05
OSV
Consul key/value endpoint is vulnerable to denial of service
osv·2025-10-28·CVSS 6.5
GHSA
Consul key/value endpoint is vulnerable to denial of service
ghsa·2025-10-28·CVSS 6.5
CWE-770
OSV
CVE-2025-11374: Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validatio
osv·2025-10-28·CVSS 6.5
Red Hat
github.com/hashicorp/consul: Consul's KV endpoint is vulnerable to denial of service
vendor_redhat·2025-10-28·CVSS 6.5
CWE-770
A denial of service flaw has been discovered in HashiCorp Consul. The key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stabi
Debian
CVE-2025-11374: consul - Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to de...
vendor_debian·2025·CVSS 6.5
Scope: local
bullseye: open
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-11374 golang-github-hashicorp-consul: Consul's KV endpoint is vulnerable to denial of service [fedora-42]
bugzilla·2025-10-29·CVSS 6.5
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Wiz
CVE-2026-2808 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.3
CVE-2026-2808 [HIGH] CVE-2026-2808 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2808: Consul vulnerability analysis and mitigation
HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.
Source: NVD
Score: 6.8
Published: March 12, 2026
Severity: MEDIUM
CNA Score: 6.8
Affected Technologies: Consul
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 6.2
Exploitation Probability (EPSS): N/A
Affected packages and libraries
cpe:2.3:a:hashicorp:consul
consul
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Mar 13, 2026
GoLang Severity MEDIUM Has Fix Added at: Mar 13,