AIKIDO-2026-10284

github.com/hashicorp/consul is vulnerable to Denial of Service (DoS)

Denial of Service (DoS) Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Mar 4, 2026

26

Low Risk

This Affects:

Go: github.com/hashicorp/consul
Affected versions: 0.1.0 - 1.22.3
Fixed in 1.22.5

TL;DR

Affected versions of this package do not enforce strict HTTP server timeout controls, allowing connections to remain open indefinitely and increasing exposure to Slowloris-style denial-of-service attacks. Without properly configured read, header, write, and idle timeouts, an attacker can open numerous concurrent connections and deliberately send partial or slow HTTP requests, exhausting server threads or file descriptors and degrading availability. This can be exploited by maintaining many half-open or slow-drip connections against the agent or connect proxy (including pprof endpoints), ultimately causing resource starvation and service disruption.
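
Go's net/http exposes the four controls named above as fields on `http.Server`. The following is an added example, not Consul's code or its fix: it builds a server with all four set and checks on loopback that a request whose headers never finish is dropped. The names `hardenedServer` and `stalledConnClosed` and the durations are assumptions made for the demonstration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"time"
)

// hardenedServer sets the four timeouts a zero-value http.Server leaves unlimited (demo values, not Consul's).
func hardenedServer(h http.Handler) *http.Server {
	return &http.Server{
		Handler:           h,
		ReadHeaderTimeout: 300 * time.Millisecond,
		ReadTimeout:       time.Second,
		WriteTimeout:      time.Second,
		IdleTimeout:       2 * time.Second,
	}
}

// stalledConnClosed serves srv on loopback, sends one request whose header
// block is never finished, and reports whether srv closes it within wait.
func stalledConnClosed(srv *http.Server, wait time.Duration) (bool, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, err
	}
	go srv.Serve(ln)
	defer srv.Close()
	conn, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false, err
	}
	defer conn.Close()
	if _, err := conn.Write([]byte("GET / HTTP/1.1\r\nHost: demo\r\n")); err != nil {
		return false, err
	}
	conn.SetReadDeadline(time.Now().Add(wait))
	_, err = conn.Read(make([]byte, 1))
	if ne, ok := err.(net.Error); ok && ne.Timeout() {
		return false, nil // our deadline hit first: server is still holding the connection
	}
	return true, nil // EOF or reset: server gave up on the stalled request
}

func main() {
	weak, _ := stalledConnClosed(&http.Server{}, time.Second)
	hard, _ := stalledConnClosed(hardenedServer(http.NotFoundHandler()), 2*time.Second)
	fmt.Printf("zero-value server closed stalled conn: %v\nhardened server closed it: %v\n", weak, hard)
}
```

A check like this fits in a regression test for any listener an agent exposes, so a server constructed without timeouts fails the build instead of reaching production.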

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

github.com/hashicorp/consul is vulnerable to Denial of Service (DoS) in versions 0.1.0 - 1.22.3.

How to fix this

Upgrade the github.com/hashicorp/consul library to a patched version (fixed in 1.22.5).