CVE-2026-8052

Source
https://cve.org/CVERecord?id=CVE-2026-8052
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8052.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-8052
Aliases
Downstream
Published
2026-05-12T19:09:15.248Z
Modified
2026-07-15T01:48:55.114618301Z
Severity
  • 6.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
Summary
Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack
Details

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the exec2 task driver.

Database specific
{
    "cna_assigner": "HashiCorp",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8052.json",
    "cwe_ids": [
        "CWE-59"
    ]
}
References

Affected packages

Git / github.com/hashicorp/nomad-driver-exec2

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/nomad-driver-exec2
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0.1.0"
        },
        {
            "fixed": "0.1.2"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8052.json"