CVE-2026-8052: Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack
Published May 12, 2026
·Updated
HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the exec2 task driver.
Affected Software
1 affected component
HashiCorp Nomad exec2 task driver<0.1.2
Event History
May 12, 2026
CVE Published
via MITRE·07:09 PM
Data Sourced
via MITRE·07:09 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·08:16 PM
DescriptionSeverityWeakness
Oct 31, 58347
Event
via FIRST·03:35 PM
Frequently Asked Questions
1
What is the severity of CVE-2026-8052?
CVE-2026-8052 is classified as a high-severity vulnerability due to its potential for arbitrary file read and write on client hosts.
2
How do I fix CVE-2026-8052?
To mitigate CVE-2026-8052, upgrade to HashiCorp Nomad exec2 task driver version 0.1.2 or later.
3
What systems are affected by CVE-2026-8052?
CVE-2026-8052 affects HashiCorp Nomad exec2 task driver versions prior to 0.1.2.
4
What type of attack is associated with CVE-2026-8052?
CVE-2026-8052 is associated with a symlink attack that allows arbitrary file access on the client host.
5
Who is the vendor for the affected product of CVE-2026-8052?
The vendor for the affected product related to CVE-2026-8052 is HashiCorp.