Skip to content

OpenTofu: Provider cache installation follows root-module-controlled package directory symlink and writes outside the working tree

Moderate severity GitHub Reviewed Published May 21, 2026 in opentofu/opentofu • Updated Jun 23, 2026

Package

gomod github.com/opentofu/opentofu (Go)

Affected versions

>= 1.11.0, < 1.11.7
< 1.10.10

Patched versions

1.11.7
1.10.10

Description

Summary

If a symlink already exists under the .terraform/providers directory where a provider package needs to be installed, tofu init would follow that symlink and install the new package content into it.

If an attacker can coerce an operator into running tofu init in a directory whose contents are attacker-controlled, they can include such a symlink along with instruction to install an attacker-controlled provider package at the path of that symlink, which would then cause OpenTofu to write the contents of that provider package into an arbitrary directory elsewhere in the filesystem if the OpenTofu process has sufficient permission to write there.

Details

OpenTofu permits provider cache entries to be symlinks to other locations because that is how the local cache in a specific working directory refers to matching entries in a global cache directory configured in the CLI configuration file.

Unfortunately, OpenTofu's provider installer was missing a rule to remove an existing symlink during installation if it refers to a directory that doesn't already match the expected provider package content. Instead, it would attempt to update the content of the target directory to match the content of the provider package.

If developers use OpenTofu with the TF_DATA_DIR environment variable set, note that the directory they specify in that environment variable is treated as a replacement location for the content that would normally be in the .terraform directory, and so it is that location which is sensitive to pre-existing symlinks.

In the newly-issued versions of OpenTofu, it is now considered an error if any existing directory entry is present in the cache whose content does not already match the expected package content. As before, if an existing entry is present and its content already matches the expected package content then OpenTofu makes no changes to the target directory and just uses it as-is.

Workaround

If developers cannot upgrade to a fixed version immediately, OpenTofu recommends that they ensure that there is no .terraform directory already present when running tofu init for the first time in a new working directory. The absence of that directory guarantees that there cannot be a conflicting symlink.

For an extra line of defense, verify before running tofu init that there are no symlinks anywhere under the current working directory that refer to any path above the current working directory. This limits the scope of attack only to other files in the same working directory, which the attacker already controls in this scenario.

Notes and Resources

  • OpenTofu thanks Francesco Sabiu (@fsabiu) for finding and responsibly disclosing this vulnerability.

  • Generally-speaking, the OpenTofu project expects that operators will run tofu init only in directories containing content they trust.

    OpenTofu prioritized addressing this specific concern because a successful attack can write arbitrary files into an arbitrary directory and therefore the potential impact is relatively high and the solution to the problem is low-risk, but this is a pragmatic exception to the usual threat model and there aren't any plans for broader hardening of OpenTofu against attacks of this type. OpenTofu recommends that developers ensure that their working directory contents are as they expect before running tofu init.

    In particular: it remains possible for an attacker to place a symlink at some higher point in the directory structure of the provider cache, into which OpenTofu will construct subdirectories needed to create the remaining provider cache directory structure. OpenTofu evaluated that as a less severe concern because it does not give the attacker full control over what is written into the target directory, but note that this does still allow an attacker to write arbitrary content into a directory two levels beneath the target when placing the symlink at the hostname level of the cache directory structure.

  • The original fix for this issue is in opentofu/opentofu#4082. It was backported as follows:

References

@apparentlymart apparentlymart published to opentofu/opentofu May 21, 2026
Published to the GitHub Advisory Database Jun 23, 2026
Reviewed Jun 23, 2026
Last updated Jun 23, 2026

Severity

Moderate

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
High
Privileges required
None
User interaction
Required
Scope
Changed
Confidentiality
None
Integrity
High
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N

EPSS score

Weaknesses

UNIX Symbolic Link (Symlink) Following

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. Learn more on MITRE.

CVE ID

No known CVE

GHSA ID

GHSA-wcmj-x466-56mm

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.