PT-2026-56556 · Hashicorp · Nomad+1
Published
2026-07-08
·
Updated
2026-07-08
·
CVE-2026-14891
CVSS v3.1
8.7
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability, CVE-2026-14891, is fixed in Nomad Community Edition 2.0.4 and Nomad Enterprise 2.0.4, 1.11.8, and 1.10.14.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nomad
Nomad Enterprise