4 matches found
EUVD-2026-42392
HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...
CVE-2026-14896 Nomad vulnerable to cross-namespace host volume claim deletion
HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...
CVE-2026-7474
CVE-2026-7474 affects HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 through a path traversal vulnerability on the client host that can lead to code execution. The issue is fixed in Nomad 2.0.1, 1.11.5, and 1.10.11. Affected component is the client-side handling of dynamic host volumes, with...
CVE-2026-7474 Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution
HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...