diff --git a/changelog/27518.txt b/changelog/27518.txt
new file mode 100644
index 0000000000..c8412c62b0
--- /dev/null
+++ b/changelog/27518.txt
@@ -0,0 +1,7 @@
+```release-note:bug
+agent: Fixed an issue causing excessive CPU usage during normal operation
+```
+
+```release-note:bug
+proxy: Fixed an issue causing excessive CPU usage during normal operation
+```
\ No newline at end of file
diff --git a/command/agent/template/template.go b/command/agent/template/template.go
index 402b5f50fc..f0619694a5 100644
--- a/command/agent/template/template.go
+++ b/command/agent/template/template.go
@@ -246,31 +246,24 @@ func (ts *Server) Run(ctx context.Context, incoming chan string, templates []*ct
 				ts.runner.Stop()
 				return nil
 			}
-		default:
-			// We are using default instead of a new case block to prioritize the case where <-incoming has a new value over
-			// receiving an error message from the consul-template server
-			select {
-			case err := <-ts.runner.ServerErrCh:
-				var responseError *api.ResponseError
-				ok := errors.As(err, &responseError)
-				if !ok {
-					ts.logger.Error("template server: could not extract error response")
-					continue
-				}
-				if responseError.StatusCode == 403 && strings.Contains(responseError.Error(), logical.ErrInvalidToken.Error()) && !tokenRenewalInProgress.Load() {
-					ts.logger.Info("template server: received invalid token error")
-
-					// Drain the error channel before sending a new error
-					select {
-					case <-invalidTokenCh:
-					default:
-					}
-					invalidTokenCh <- err
-				}
-			default:
+		case err := <-ts.runner.ServerErrCh:
+			var responseError *api.ResponseError
+			ok := errors.As(err, &responseError)
+			if !ok {
+				ts.logger.Error("template server: could not extract error response")
 				continue
 			}
+			if responseError.StatusCode == 403 && strings.Contains(responseError.Error(), logical.ErrInvalidToken.Error()) && !tokenRenewalInProgress.Load() {
+				ts.logger.Info("template server: received invalid token error")
 
+				// Drain the error channel and incoming channel before sending a new error
+				select {
+				case <-invalidTokenCh:
+				case <-incoming:
+				default:
+				}
+				invalidTokenCh <- err
+			}
 		}
 	}
 }
diff --git a/command/agentproxyshared/auth/auth.go b/command/agentproxyshared/auth/auth.go
index bcfbf3be9c..96f5026cbb 100644
--- a/command/agentproxyshared/auth/auth.go
+++ b/command/agentproxyshared/auth/auth.go
@@ -563,18 +563,12 @@ func (ah *AuthHandler) Run(ctx context.Context, am AuthMethod) error {
 				// Set authenticated when authentication succeeds
 				metrics.SetGauge([]string{ah.metricsSignifier, "authenticated"}, 1)
 				ah.logger.Info("renewed auth token")
-
 			case <-credCh:
 				ah.logger.Info("auth method found new credentials, re-authenticating")
 				break LifetimeWatcherLoop
-			default:
-				select {
-				case <-ah.InvalidToken:
-					ah.logger.Info("invalid token found, re-authenticating")
-					break LifetimeWatcherLoop
-				default:
-					continue
-				}
+			case <-ah.InvalidToken:
+				ah.logger.Info("invalid token found, re-authenticating")
+				break LifetimeWatcherLoop
 			}
 		}
 	}