CVE-2026-7474

Source
https://cve.org/CVERecord?id=CVE-2026-7474
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7474.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-7474
Aliases
Downstream
Published
2026-05-12T19:09:44.680Z
Modified
2026-07-15T01:49:07.031767992Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution
Details

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.

Database specific
{
    "cna_assigner": "HashiCorp",
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/7xxx/CVE-2026-7474.json"
}
References

Affected packages

Git / github.com/hashicorp/nomad

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/nomad
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "1.10.0"
        },
        {
            "fixed": "2.0.1"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7474.json"