HarborGuard / CVE
Back to search
HIGHCVE-2026-7474Published Modified CNA HashiCorp

CVE-2026-7474: Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.

Metrics

CVSS v3.1
8.8
Severity
HIGH
Fixed in
2.0.1
Affected Products
2

Fix available

2.0.1
Affected packages
  • HashiCorp / Nomad
    < 2.0.1 (from 1.10.0)
  • HashiCorp / Nomad Enterprise
    < 2.0.1 (from 1.10.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2026-7474: Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution | HarborGuard CVE