Lucene search
+L

981 matches found

ibm
ibm
added 2026/07/08 9:23 p.m.3 views

Security Bulletin: Nomad vulnerable to cross-namespace host volume claim deletion

Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace...

4.2CVSS5.9AI score0.0016EPSS
Exploits0Affected Software1
nvd
nvd
added 2026/07/08 9:16 p.m.6 views

CVE-2026-14896

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS0.0016EPSS
Exploits0References1
osv
osv
added 2026/07/08 9:16 p.m.4 views

UBUNTU-CVE-2026-14896

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS6.1AI score0.0016EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/08 8:21 p.m.32 views

CVE-2026-14896 Nomad vulnerable to cross-namespace host volume claim deletion

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS0.0016EPSS
Exploits0References1
euvd
euvd
added 2026/07/08 8:21 p.m.6 views

EUVD-2026-42392

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS6AI score0.0016EPSS
Exploits0References1
cve
cve
added 2026/07/08 8:21 p.m.9 views

CVE-2026-14896

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature, potentially allowing an operator with host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. Root cau...

4.2CVSS6AI score0.0016EPSS
Exploits0References1
hashicorp
hashicorp
added 2026/07/08 8:18 p.m.9 views

Nomad vulnerable to cross-namespace host volume claim deletion

Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace...

4.2CVSS6.1AI score0.0016EPSS
Exploits0Affected Software1
nvd
nvd
added 2026/07/08 8:16 p.m.7 views

CVE-2026-14373

HashiCorp Nomad and Nomad Enterprise did not enforce the allowprivileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other workloads on...

7.7CVSS0.00248EPSS
Exploits0References1
nvd
nvd
added 2026/07/08 8:16 p.m.7 views

CVE-2026-14891

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS0.00316EPSS
Exploits0References1
osv
osv
added 2026/07/08 8:16 p.m.3 views

UBUNTU-CVE-2026-14373

HashiCorp Nomad and Nomad Enterprise did not enforce the allowprivileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other workloads on...

7.7CVSS6.1AI score0.00248EPSS
Exploits0References2
osv
osv
added 2026/07/08 8:16 p.m.2 views

UBUNTU-CVE-2026-14891

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS6.1AI score0.00316EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/08 8:9 p.m.36 views

CVE-2026-14891 Nomad vulnerable to sandbox escape in Docker task driver

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS0.00316EPSS
Exploits0References1
cve
cve
added 2026/07/08 8:9 p.m.15 views

CVE-2026-14891

HashiCorp Nomad and Nomad Enterprise are affected by a sandbox escape in the Docker task driver that can allow a job submitter to bind-mount a host path into a container, potentially enabling reading/writing host files even when volume bind mounts are disabled. Affected versions include Nomad Com...

8.7CVSS6AI score0.00316EPSS
Exploits0References1
euvd
euvd
added 2026/07/08 8:9 p.m.6 views

EUVD-2026-42345

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS6AI score0.00316EPSS
Exploits0References1
hashicorp
hashicorp
added 2026/07/08 8:7 p.m.7 views

Nomad vulnerable to sandbox escape in Docker task driver

Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This...

8.7CVSS6.2AI score0.00316EPSS
Exploits0Affected Software1
ibm
ibm
added 2026/07/08 6:35 p.m.3 views

Security Bulletin: Nomad Docker driver Linux host namespace bypass

Summary HashiCorp Nomad and Nomad Enterprise did not enforce the allowprivileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other...

7.7CVSS5.9AI score0.00248EPSS
Exploits0Affected Software1
cvelist
cvelist
added 2026/07/08 5:29 p.m.34 views

CVE-2026-14373 Nomad Docker driver Linux host namespace bypass

HashiCorp Nomad and Nomad Enterprise did not enforce the allowprivileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other workloads on...

7.7CVSS0.00248EPSS
Exploits0References1
cve
cve
added 2026/07/08 5:29 p.m.9 views

CVE-2026-14373

HashiCorp Nomad and Nomad Enterprise are affected by CVE-2026-14373 where the Docker task driver did not enforce allow_privileged for host namespace mode options (process, IPC, user, UTS). This can allow an authenticated job submitter to place a container in the host namespace on Linux clients an...

7.7CVSS6AI score0.00248EPSS
Exploits0References1
euvd
euvd
added 2026/07/08 5:29 p.m.6 views

EUVD-2026-42349

HashiCorp Nomad and Nomad Enterprise did not enforce the allowprivileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other workloads on...

7.7CVSS6AI score0.00248EPSS
Exploits0References1
hashicorp
hashicorp
added 2026/07/08 5:26 p.m.8 views

Nomad Docker driver vulnerable to host namespace bypass on Linux

Summary HashiCorp Nomad and Nomad Enterprise did not enforce the allowprivileged restriction for the Docker task driver’s host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other...

7.7CVSS6.1AI score0.00248EPSS
Exploits0Affected Software1
Rows per page
Query Builder