CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/05/14 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-8052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad's exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink...

6CVSS6AI score0.00027EPSS

Tenable Nessus•added 2026/05/14 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-6959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symli...

Tenable Nessus•added 2026/05/14 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-7474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability...

Snyk•added 2026/05/12 9:31 p.m.•2 views

Directory Traversal

Overview github.com/hashicorp/nomad is a workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Affected versions of this package are vulnerable to Directory Traversal via the host volume Create workflow. An attacker can break out of...

8.8CVSS6.3AI score0.00039EPSS

OSV•added 2026/05/12 9:31 p.m.•1 views

GHSA-HX53-77QJ-8663 HashiCorp Nomad vulnerable to a path traversal

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

Github Security Blog•added 2026/05/12 9:31 p.m.•6 views

Exploits0References5

HashiCorp Nomad’s exec2 task driver vulnerable to a symlink attack

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

Exploits0References4Affected Software1

EUVD•added 2026/05/12 9:31 p.m.•4 views

EUVD-2026-29827

Snyk•added 2026/05/12 9:31 p.m.•1 views

Symlink Attack

Overview github.com/hashicorp/nomad is a workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Affected versions of this package are vulnerable to Symlink Attack via shared task log directory. An attacker can read and write arbitrar...

Github Security Blog•added 2026/05/12 9:31 p.m.•5 views

HashiCorp Nomad vulnerable to symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

Exploits0References5Affected Software1

OSV•added 2026/05/12 9:31 p.m.•2 views

GHSA-3934-423W-4JQ3 HashiCorp Nomad vulnerable to symlink attack

EUVD•added 2026/05/12 9:31 p.m.•4 views

Exploits0References5

EUVD-2026-29826

EUVD•added 2026/05/12 9:31 p.m.•4 views

EUVD-2026-29825

OSV•added 2026/05/12 9:31 p.m.•2 views

GHSA-WQWC-X3RC-2XW6 HashiCorp Nomad’s exec2 task driver vulnerable to a symlink attack

Github Security Blog•added 2026/05/12 9:31 p.m.•5 views

Exploits0References4

HashiCorp Nomad vulnerable to a path traversal

Exploits0References5Affected Software1

Snyk•added 2026/05/12 9:20 p.m.•1 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the exec2 process. An attacker can access or modify arbitrary files on the client host by exploiting symbolic link handling. Remediation Upgrade github.com/hashicorp/nomad-driver-exec2/plugin to version 0.1.2 or highe...

6.7CVSS5.9AI score0.00027EPSS

IBM Security Bulletins•added 2026/05/12 8:17 p.m.•4 views

Security Bulletin: Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Vulnerability Details CVEID:CVE-2026-7474 DESCRIPTION: A user with...

8.8CVSS6.1AI score0.00039EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/12 8:17 p.m.•5 views

Security Bulletin: Nomad vulnerable to arbitrary file read/write on client host through symlink attack

Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Vulnerability Details CVEID:CVE-2026-695...

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/12 8:17 p.m.•6 views

Security Bulletin: Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack

Summary HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver. Vulnerability Details...