No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 08 Jul 2026 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Hashicorp
Hashicorp nomad Hashicorp nomad Enterprise |
|
| Vendors & Products |
Hashicorp
Hashicorp nomad Hashicorp nomad Enterprise |
Wed, 08 Jul 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability, CVE-2026-14891, is fixed in Nomad Community Edition 2.0.4 and Nomad Enterprise 2.0.4, 1.11.8, and 1.10.14. | |
| Title | Nomad vulnerable to sandbox escape in Docker task driver | |
| Weaknesses | CWE-59 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: HashiCorp
Published:
Updated: 2026-07-08T20:36:00.440Z
Reserved: 2026-07-06T18:05:48.932Z
Link: CVE-2026-14891
Updated: 2026-07-08T20:35:56.786Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T22:00:05Z
-
CWE-59
Improper Link Resolution Before File Access ('Link Following')