Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack

CVE	CVE-2026-8052
State	PUBLISHED
Assigner	HashiCorp
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-05-12 20:16:46 UTC
Updated	2026-05-12 20:16:46 UTC
Description	HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the exec2 task driver.

Primary CVSS: v3.1 6 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

Problem Types: CWE-59 | CWE-59 CWE-59: Improper Link Resolution Before File Access (Link Following)

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Secondary	6	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N`
3.1	CNA	CVSS	6	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N`

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

Source	Vendor	Product	Version	Platforms
CNA	HashiCorp	Shared Library	affected 0.1.0 0.1.2 semver	64 bit, 32 bit, x86, ARM, MacOS, Windows, Linux

Reference	Source	Link	Tags
discuss.hashicorp.com/t/hcsec-2026-13-nomads-exec2-task-driver-vulnerable-to-arbitr...	[email protected]	discuss.hashicorp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

CNA: This issue was identified by the Nomad engineering team in conjunction with Alex Manson (Aiven / NeuroWinter). (en)

There are currently no legacy QID mappings associated with this CVE.