Arbitrary File Access Vulnerability in HashiCorp Nomad Exec2 Task Driver
CVE-2026-8052

6MEDIUM

Key Information:

Vendor: Hashicorp
Status: Shared Library
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-8052?

HashiCorp Nomad's exec2 task driver prior to version 0.1.2 is susceptible to a vulnerability that allows attackers to exploit symlink attacks, leading to arbitrary reading and writing of files on the client host as the Nomad process user. This security flaw poses significant risks, enabling unauthorized access and manipulation of sensitive files that could compromise the integrity and confidentiality of the system.

Affected Version(s)

Shared library 64 bit 0.1.0 < 0.1.2

References

https://discuss.hashicorp.com/t/hcsec-2026-13-nomads-exec...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 6, 2026

Credit

This issue was identified by the Nomad engineering team in conjunction with Alex Manson (Aiven / NeuroWinter).

CVE-2026-8052 Data

JSON

Hashicorp

What is CVE-2026-8052?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit