diff --git a/.changelog/2787.txt b/.changelog/2787.txt
new file mode 100644
index 0000000000..2fe921ef23
--- /dev/null
+++ b/.changelog/2787.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+Add NET_BIND_SERVICE capability to restricted security context used for consul-dataplane
+```
diff --git a/charts/consul/templates/_helpers.tpl b/charts/consul/templates/_helpers.tpl
index cbb49ffaef..bdcf2ecb19 100644
--- a/charts/consul/templates/_helpers.tpl
+++ b/charts/consul/templates/_helpers.tpl
@@ -37,6 +37,8 @@ securityContext:
   capabilities:
     drop:
     - ALL
+    add:
+    - NET_BIND_SERVICE
   runAsNonRoot: true
   seccompProfile:
     type: RuntimeDefault
diff --git a/charts/consul/test/unit/server-statefulset.bats b/charts/consul/test/unit/server-statefulset.bats
index a2b2539066..063c62b1a3 100755
--- a/charts/consul/test/unit/server-statefulset.bats
+++ b/charts/consul/test/unit/server-statefulset.bats
@@ -858,7 +858,8 @@ load _helpers
   local expected=$(echo '{
     "allowPrivilegeEscalation": false,
     "capabilities": {
-      "drop": ["ALL"]
+      "drop": ["ALL"],
+      "add": ["NET_BIND_SERVICE"]
     },
     "runAsNonRoot": true,
     "seccompProfile": {
@@ -898,7 +899,8 @@ load _helpers
   local expected=$(echo '{
     "allowPrivilegeEscalation": false,
     "capabilities": {
-      "drop": ["ALL"]
+      "drop": ["ALL"],
+      "add": ["NET_BIND_SERVICE"]
     },
     "runAsNonRoot": true,
     "seccompProfile": {
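Review bot: The `add: - NET_BIND_SERVICE` block lands in the shared securityContext helper in _helpers.tpl, so every template that includes that helper now carries the capability — the server StatefulSet among them, as the updated expectations in server-statefulset.bats show — rather than only consul-dataplane as the changelog entry states. If only the dataplane sidecar needs to bind a privileged port, consider gating the block on a chart value or emitting it from the dataplane container template instead, so the server and other consumers keep an empty add set. With `runAsNonRoot: true` an added capability is only usable at runtime if the binary carries file capabilities or the runtime places it in the ambient set, which this hunk cannot show — worth confirming against the dataplane image before relying on it. NET_BIND_SERVICE is the single capability the Pod Security "restricted" profile permits in `add`, so the profile check itself stays satisfied. The helper's definition starts before this hunk.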