PT-2026-40384 · Hashicorp · Nomad+1

Published 2026-05-12 · Updated 2026-05-12 · CVE-2026-6959

CVSS v3.1: 6.0 Medium

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

HashiCorp Nomad versions prior to 2.0.1
HashiCorp Nomad Enterprise versions prior to 2.0.1

Description

An issue exists that allows arbitrary file read and write operations on the client host with the privileges of the Nomad process user. This is achieved through a symlink attack, where a symbolic link (a file that points to another file or directory) is used to access unauthorized locations on the host system.

Recommendations

Update HashiCorp Nomad to version 2.0.1, 1.11.5, or 1.10.11.
Update HashiCorp Nomad Enterprise to version 2.0.1, 1.11.5, or 1.10.11.

Fix

Link Following

Weakness Enumeration

Related Identifiers

BDU:2026-06944
CVE-2026-6959
GHSA-3934-423W-4JQ3

Affected Products

Nomad
Nomad Enterprise