CVE-2026-8052— Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack
Possible ATT&CK Techniques 1AI
T1564.004 · NTFS File AttributesAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HashiCorp | Shared library | 0.1.0< 0.1.2 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-8052
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack
Source: NVD (National Vulnerability Database)
Vulnerability Description
HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the exec2 task driver.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Source: NVD (National Vulnerability Database)
Vulnerability Title
HashiCorp Nomad 后置链接漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HashiCorp Nomad是美国HashiCorp公司的一个简单灵活的调度器和编排器。用于在本地和云中大规模管理容器和非容器化应用程序。 HashiCorp Nomad 0.1.2之前版本存在后置链接漏洞,该漏洞源于符号链接攻击,可能导致在客户端主机上以Nomad进程用户身份进行任意文件读写。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HashiCorp | Shared library | 0.1.0 ~ 0.1.2 | - |
II. Public POCs for CVE-2026-8052
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-8052
请登录查看更多情报信息。
Same Patch Batch · HashiCorp · 2026-05-12 · 4 CVEs total
| CVE-2026-7474 | 8.8 HIGH | Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution |
| CVE-2026-6959 | 6.0 MEDIUM | Nomad vulnerable to arbitrary file read/write on client host through symlink attack |
| CVE-2026-5061 | 4.7 MEDIUM | Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack |
IV. Related Vulnerabilities
Same product: Shared library
- CVE-2026-0969
Arbitrary code execution in React server-side rendering of u - CVE-2025-8959
HashiCorp go-getter Vulnerable to Arbitrary Read through Sym - CVE-2025-0377
HashiCorp go-slug Vulnerable to Zip Slip Attack - CVE-2024-6257
HashiCorp go-getter Vulnerable to Code Execution On Git Upda - CVE-2024-6104
go-retryablehttp can leak basic auth credentials to log file
Same vendor: HashiCorp
- CVE-2026-7474
Nomad vulnerable to path traversal in dynamic host volume wh - CVE-2026-6959
Nomad vulnerable to arbitrary file read/write on client host - CVE-2026-5061
Consul-template vulnerable to sandbox path bypass in file he - CVE-2026-7776
Boundary Workers Vulnerable to Denial of Service During TLS - CVE-2026-5807
Vault Vulnerable to Denial-of-Service via Unauthenticated Ro
Same weakness: CWE-59
- CVE-2026-45539
Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agen - CVE-2026-44471
gitoxide: Symlink prefix-reuse allows worktree escape during - CVE-2026-43998
vm2: NodeVM require.root bypass via symlink traversal allows - CVE-2026-44470
Claude Desktop: Local Privilege Escalation via Directory Jun - CVE-2026-44220
ciguard: discover_pipeline_files follows symlinks out of sca
V. Comments for CVE-2026-8052
No comments yet