CVE-2026-14896
- EPSS 0.16%
- Veröffentlicht 08.07.2026 20:21:16
- Zuletzt bearbeitet 09.07.2026 16:29:14
HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim be...
CVE-2026-14891
- EPSS 0.32%
- Veröffentlicht 08.07.2026 20:16:48
- Zuletzt bearbeitet 09.07.2026 16:29:14
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and ...
CVE-2026-14373
- EPSS 0.25%
- Veröffentlicht 08.07.2026 17:29:30
- Zuletzt bearbeitet 09.07.2026 16:29:14
HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access informatio...
CVE-2026-7474
- EPSS 6.89%
- Veröffentlicht 12.05.2026 19:09:44
- Zuletzt bearbeitet 13.05.2026 15:53:17
HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.
- EPSS 0.17%
- Veröffentlicht 12.05.2026 18:59:09
- Zuletzt bearbeitet 13.05.2026 15:53:17
HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-6959) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.
CVE-2025-4922
- EPSS 0.48%
- Veröffentlicht 11.06.2025 13:24:18
- Zuletzt bearbeitet 22.12.2025 16:37:53
Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10....
CVE-2025-3744
- EPSS 0.24%
- Veröffentlicht 13.05.2025 18:40:08
- Zuletzt bearbeitet 15.05.2025 16:45:32
Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13.
CVE-2025-1296
- EPSS 0.45%
- Veröffentlicht 10.03.2025 18:15:30
- Zuletzt bearbeitet 18.12.2025 14:41:48
Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 a...
CVE-2025-0937
- EPSS 0.41%
- Veröffentlicht 12.02.2025 19:15:09
- Zuletzt bearbeitet 15.12.2025 21:07:54
Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.
CVE-2024-12678
- EPSS 0.53%
- Veröffentlicht 20.12.2024 02:15:05
- Zuletzt bearbeitet 12.12.2025 20:19:49
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1....