CVE-2026-7474
HashiCorp · Nomad
A path traversal vulnerability in HashiCorp Nomad and Nomad Enterprise allows authenticated users to access restricted directories, potentially leading to arbitrary code execution.
Executive summary
A critical path traversal vulnerability in HashiCorp Nomad allows authenticated attackers to escape restricted directories, leading to potential remote code execution.
Vulnerability
This is a path traversal vulnerability (CWE-22) in the dynamic host volume implementation. It allows an authenticated user with sufficient permissions to manipulate file paths, potentially accessing or overwriting sensitive system files.
Business impact
The ability to perform path traversal in a service orchestrator like Nomad is highly dangerous, as it can lead to full host compromise or arbitrary code execution. Given the CVSS score of 8.8, this vulnerability represents a significant threat to the security and stability of the entire infrastructure managed by the affected Nomad cluster.
Remediation
Immediate Action: Upgrade to Nomad version 1.11.0-rc.1 (or the latest stable release) to address the path traversal flaw.
Proactive Monitoring: Monitor host file system access logs and Nomad task execution logs for attempts to access directories outside of defined volume mounts.
Compensating Controls: Restrict access to the Nomad API and ensure that job submissions are subject to strict policy enforcement and validation.
Exploitation status
Public Exploit Available: No — there is no confirmed public exploit or weaponized code available in our curated sources.
Analyst recommendation
Given that Nomad manages the lifecycle of applications across a cluster, a compromise here is catastrophic. Teams must prioritize patching this vulnerability to prevent attackers from escalating privileges and gaining control over the underlying infrastructure.