Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1549

NIXPKGS-2026-1549

GitHub issue published on

Permalink CVE-2026-6959

6.0 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): None (N)
Integrity (I): High (H)
Availability (A): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): High (H)
Modified Availability (MA): None (N)

updated 4 hours ago by @LeSuisse Activity log

Created suggestion 10 hours ago
@LeSuisse ignored
12 packages
- git-nomad
- nomad-autoscaler
- nomad-driver-podman
- nomad-driver-containerd
- terraform-providers.nomad
- python312Packages.nomadnet
- python313Packages.nomadnet
- python314Packages.nomadnet
- python312Packages.python-nomad
- python313Packages.python-nomad
- python314Packages.python-nomad
- terraform-providers.hashicorp_nomad
4 hours ago
@LeSuisse accepted 4 hours ago
@LeSuisse published on GitHub 4 hours ago

Nomad vulnerable to arbitrary file read/write on client host through symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-6959) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.

References

https://discuss.hashicorp.com/t/hcsec-2026-14-nomad-arbitrary-file-read-write-o…

Affected products

Nomad

<2.0.1

Nomad Enterprise

<2.0.1

Matching in nixpkgs

pkgs.nomad

Distributed, Highly Available, Datacenter-Aware Scheduler

nixos-unstable 1.11.3
- nixpkgs-unstable 1.11.3
- nixos-unstable-small 1.11.3
nixos-25.11 1.10.5
- nixos-25.11-small 1.10.5
- nixpkgs-25.11-darwin 1.10.5

pkgs.nomad_1_9

Distributed, Highly Available, Datacenter-Aware Scheduler

nixos-unstable 1.9.7
- nixpkgs-unstable 1.9.7
- nixos-unstable-small 1.9.7
nixos-25.11 1.9.7
- nixos-25.11-small 1.9.7
- nixpkgs-25.11-darwin 1.9.7

pkgs.nomad-pack

Nomad Pack is a templating and packaging tool used with HashiCorp Nomad

nixos-unstable 0.4.2
- nixpkgs-unstable 0.4.2
- nixos-unstable-small 0.4.2
nixos-25.11 0.4.0
- nixos-25.11-small 0.4.0
- nixpkgs-25.11-darwin 0.4.0

pkgs.nomad_1_10

Distributed, Highly Available, Datacenter-Aware Scheduler

nixos-unstable 1.10.5
- nixpkgs-unstable 1.10.5
- nixos-unstable-small 1.10.5
nixos-25.11 1.10.5
- nixos-25.11-small 1.10.5
- nixpkgs-25.11-darwin 1.10.5

pkgs.nomad_1_11

Distributed, Highly Available, Datacenter-Aware Scheduler

nixos-unstable 1.11.3
- nixpkgs-unstable 1.11.3
- nixos-unstable-small 1.11.3

Ignored packages (12)

pkgs.git-nomad

Synchronize work-in-progress git branches in a light weight fashion

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0
nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.nomad-autoscaler

Autoscaling daemon for Nomad

nixos-unstable 0.3.6
- nixpkgs-unstable 0.3.6
- nixos-unstable-small 0.3.6
nixos-25.11 0.3.6
- nixos-25.11-small 0.3.6
- nixpkgs-25.11-darwin 0.3.6

pkgs.nomad-driver-podman

Podman task driver for Nomad

nixos-unstable 0.6.4
- nixpkgs-unstable 0.6.4
- nixos-unstable-small 0.6.4
nixos-25.11 0.6.3
- nixos-25.11-small 0.6.3
- nixpkgs-25.11-darwin 0.6.3

pkgs.nomad-driver-containerd

Containerd task driver for Nomad

nixos-unstable 0.9.4
- nixpkgs-unstable 0.9.4
- nixos-unstable-small 0.9.4
nixos-25.11 0.9.4
- nixos-25.11-small 0.9.4
- nixpkgs-25.11-darwin 0.9.4

pkgs.terraform-providers.nomad

None

nixos-unstable 2.6.1
- nixpkgs-unstable 2.6.1
- nixos-unstable-small 2.6.1
nixos-25.11 2.5.1
- nixos-25.11-small 2.5.1
- nixpkgs-25.11-darwin 2.5.1

pkgs.python312Packages.nomadnet

Off-grid, resilient mesh communication

nixos-25.11 0.9.1
- nixos-25.11-small 0.9.1
- nixpkgs-25.11-darwin 0.9.1

pkgs.python313Packages.nomadnet

Off-grid, resilient mesh communication

nixos-unstable 0.9.11
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1
nixos-25.11 0.9.1
- nixos-25.11-small 0.9.1
- nixpkgs-25.11-darwin 0.9.1

pkgs.python314Packages.nomadnet

Off-grid, resilient mesh communication

nixos-unstable 0.9.11
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1

pkgs.python312Packages.python-nomad

Python client library for Hashicorp Nomad

nixos-25.11 2.1.0
- nixos-25.11-small 2.1.0
- nixpkgs-25.11-darwin 2.1.0

pkgs.python313Packages.python-nomad

Python client library for Hashicorp Nomad

nixos-unstable 2.1.0
- nixpkgs-unstable 2.1.0
- nixos-unstable-small 2.1.0
nixos-25.11 2.1.0
- nixos-25.11-small 2.1.0
- nixpkgs-25.11-darwin 2.1.0

pkgs.python314Packages.python-nomad

Python client library for Hashicorp Nomad

nixos-unstable 2.1.0
- nixpkgs-unstable 2.1.0
- nixos-unstable-small 2.1.0

pkgs.terraform-providers.hashicorp_nomad

None

nixos-unstable 2.6.1
- nixpkgs-unstable 2.6.1
- nixos-unstable-small 2.6.1
nixos-25.11 2.5.1
- nixos-25.11-small 2.5.1
- nixpkgs-25.11-darwin 2.5.1

Package maintainers

@rushmorem Rushmore Mushambi <rushmore@webenchanter.com>
@techknowlogick techknowlogick <techknowlogick@gitea.com>
@cottand Nico D'Cotta <nico@dcotta.com>