PT-2026-56556 · Hashicorp · Nomad+1

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-14891

CVSS v3.1

8.7

High

VectorAV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability, CVE-2026-14891, is fixed in Nomad Community Edition 2.0.4 and Nomad Enterprise 2.0.4, 1.11.8, and 1.10.14.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14891

Affected Products

Nomad
Nomad Enterprise