Security Bulletin: Nomad vulnerable to arbitrary file read/write on client host through symlink attack
Summary: HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability, CVE-2026-6959, is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Vulnerability Details: CVEID: CVE-2026-695...
CVE-2026-8052 Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack
HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...
ROS-20251219-7301
Vulnerability in Nomad related to improper link resolution before file access. Exploitation of the vulnerability could allow an attacker to escalate their privileges...
Linux Distros Unpatched Vulnerability : CVE-2024-6717
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory...
Linux Distros Unpatched Vulnerability : CVE-2024-10975
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nomad Community and Nomad Enterprise Nomad volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Stora...
The vulnerability of Nomad application orchestrators, related to the disclosure of information through registration files, allows attackers to gain access to the client’s secret token.
The vulnerability of Nomad application orchestrators is related to the disclosure of information through registration files. Exploiting this vulnerability can allow a remote attacker to gain access to the client’s secret token...
UBUNTU-CVE-2024-10975
Nomad Community and Nomad Enterprise "Nomad" volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface CSI volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad...
HashiCorp Nomad Security Vulnerability
HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp (USA) for managing containerized and non-containerized applications at scale, both locally and in the cloud. A security vulnerability exists in HashiCorp Nomad versions 0.5.0 through 0.9.4 and earlier, which stems...
HashiCorp Nomad Security Vulnerability
HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp (USA) for managing containerized and non-containerized applications at scale, both locally and in the cloud. A security vulnerability exists in HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.4.1, whic...
PT-2020-19472 · Hashicorp · Nomad Enterprise +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions prior to 0.10.3 Description: The issue allows unbounded resource usage and is susceptible to unauthenticated denial of service. This affects the HTTP/RPC services. Recommendations: For versions...