Suggestions search

All statuses

Filter by:

With package: nomad

Found 2 matching suggestions

View:

Compact

Detailed

Published

Permalink CVE-2026-7474

8.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 4 hours ago by @LeSuisse Activity log

Created suggestion 10 hours ago
@LeSuisse ignored
13 packages
- git-nomad
- nomad-pack
- nomad-autoscaler
- nomad-driver-podman
- nomad-driver-containerd
- terraform-providers.nomad
- python312Packages.nomadnet
- python313Packages.nomadnet
- python314Packages.nomadnet
- python312Packages.python-nomad
- python313Packages.python-nomad
- python314Packages.python-nomad
- terraform-providers.hashicorp_nomad
4 hours ago
@LeSuisse accepted 4 hours ago
@LeSuisse published on GitHub 4 hours ago

Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.

References

https://discuss.hashicorp.com/t/hcsec-2026-15-nomad-vulnerable-to-path-traversa…

Affected products

Nomad

<2.0.1

Nomad Enterprise

<2.0.1

Matching in nixpkgs

pkgs.nomad

Distributed, Highly Available, Datacenter-Aware Scheduler

nixos-unstable 1.11.3
- nixpkgs-unstable 1.11.3
- nixos-unstable-small 1.11.3
nixos-25.11 1.10.5
- nixos-25.11-small 1.10.5
- nixpkgs-25.11-darwin 1.10.5

pkgs.nomad_1_9

Distributed, Highly Available, Datacenter-Aware Scheduler

nixos-unstable 1.9.7
- nixpkgs-unstable 1.9.7
- nixos-unstable-small 1.9.7
nixos-25.11 1.9.7
- nixos-25.11-small 1.9.7
- nixpkgs-25.11-darwin 1.9.7

pkgs.nomad_1_10

Distributed, Highly Available, Datacenter-Aware Scheduler

nixos-unstable 1.10.5
- nixpkgs-unstable 1.10.5
- nixos-unstable-small 1.10.5
nixos-25.11 1.10.5
- nixos-25.11-small 1.10.5
- nixpkgs-25.11-darwin 1.10.5

pkgs.nomad_1_11

Distributed, Highly Available, Datacenter-Aware Scheduler

nixos-unstable 1.11.3
- nixpkgs-unstable 1.11.3
- nixos-unstable-small 1.11.3

Ignored packages (13)

pkgs.git-nomad

Synchronize work-in-progress git branches in a light weight fashion

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0
nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.nomad-pack

Nomad Pack is a templating and packaging tool used with HashiCorp Nomad

nixos-unstable 0.4.2
- nixpkgs-unstable 0.4.2
- nixos-unstable-small 0.4.2
nixos-25.11 0.4.0
- nixos-25.11-small 0.4.0
- nixpkgs-25.11-darwin 0.4.0

pkgs.nomad-autoscaler

Autoscaling daemon for Nomad

nixos-unstable 0.3.6
- nixpkgs-unstable 0.3.6
- nixos-unstable-small 0.3.6
nixos-25.11 0.3.6
- nixos-25.11-small 0.3.6
- nixpkgs-25.11-darwin 0.3.6

pkgs.nomad-driver-podman

Podman task driver for Nomad

nixos-unstable 0.6.4
- nixpkgs-unstable 0.6.4
- nixos-unstable-small 0.6.4
nixos-25.11 0.6.3
- nixos-25.11-small 0.6.3
- nixpkgs-25.11-darwin 0.6.3

pkgs.nomad-driver-containerd

Containerd task driver for Nomad

nixos-unstable 0.9.4
- nixpkgs-unstable 0.9.4
- nixos-unstable-small 0.9.4
nixos-25.11 0.9.4
- nixos-25.11-small 0.9.4
- nixpkgs-25.11-darwin 0.9.4

pkgs.terraform-providers.nomad

None

nixos-unstable 2.6.1
- nixpkgs-unstable 2.6.1
- nixos-unstable-small 2.6.1
nixos-25.11 2.5.1
- nixos-25.11-small 2.5.1
- nixpkgs-25.11-darwin 2.5.1

pkgs.python312Packages.nomadnet

Off-grid, resilient mesh communication

nixos-25.11 0.9.1
- nixos-25.11-small 0.9.1
- nixpkgs-25.11-darwin 0.9.1

pkgs.python313Packages.nomadnet

Off-grid, resilient mesh communication

nixos-unstable 0.9.11
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1
nixos-25.11 0.9.1
- nixos-25.11-small 0.9.1
- nixpkgs-25.11-darwin 0.9.1

pkgs.python314Packages.nomadnet

Off-grid, resilient mesh communication

nixos-unstable 0.9.11
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1

pkgs.python312Packages.python-nomad

Python client library for Hashicorp Nomad

nixos-25.11 2.1.0
- nixos-25.11-small 2.1.0
- nixpkgs-25.11-darwin 2.1.0

pkgs.python313Packages.python-nomad

Python client library for Hashicorp Nomad

nixos-unstable 2.1.0
- nixpkgs-unstable 2.1.0
- nixos-unstable-small 2.1.0
nixos-25.11 2.1.0
- nixos-25.11-small 2.1.0
- nixpkgs-25.11-darwin 2.1.0

pkgs.python314Packages.python-nomad

Python client library for Hashicorp Nomad

nixos-unstable 2.1.0
- nixpkgs-unstable 2.1.0
- nixos-unstable-small 2.1.0

pkgs.terraform-providers.hashicorp_nomad

None

nixos-unstable 2.6.1
- nixpkgs-unstable 2.6.1
- nixos-unstable-small 2.6.1
nixos-25.11 2.5.1
- nixos-25.11-small 2.5.1
- nixpkgs-25.11-darwin 2.5.1

Package maintainers

@rushmorem Rushmore Mushambi <rushmore@webenchanter.com>
@techknowlogick techknowlogick <techknowlogick@gitea.com>
@cottand Nico D'Cotta <nico@dcotta.com>

Published

Permalink CVE-2026-6959

6.0 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): None (N)
Integrity (I): High (H)
Availability (A): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): High (H)
Modified Availability (MA): None (N)

updated 4 hours ago by @LeSuisse Activity log

Created suggestion 10 hours ago
@LeSuisse ignored
12 packages
- git-nomad
- nomad-autoscaler
- nomad-driver-podman
- nomad-driver-containerd
- terraform-providers.nomad
- python312Packages.nomadnet
- python313Packages.nomadnet
- python314Packages.nomadnet
- python312Packages.python-nomad
- python313Packages.python-nomad
- python314Packages.python-nomad
- terraform-providers.hashicorp_nomad
4 hours ago
@LeSuisse accepted 4 hours ago
@LeSuisse published on GitHub 4 hours ago

Nomad vulnerable to arbitrary file read/write on client host through symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-6959) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.