What is the CVSS score of CVE-2026-8052?

CVE-2026-8052 has a CVSS 3.1 base score of 6.0 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-8052?

Yes, a patch is available for CVE-2026-8052. Update the affected software to the latest version immediately.

Hashicorp CVE-2026-8052

EUVD-2026-29827 MEDIUM

Improper Link Resolution Before File Access (CWE-59)

2026-05-12 HashiCorp

GHSA-wqwc-x3rc-2xw6

Information Disclosure Hashicorp

6.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Patch available

May 12, 2026 - 21:33 EUVD

CVE Published

May 12, 2026 - 19:09 nvd

MEDIUM 6.0

DescriptionNVD

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the exec2 task driver.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-8903 MEDIUM This Month

4.3 May 27

Cross-Site Request Forgery in the Two-factor Authentication (formerly IP Vault) WordPress plugin versions up to and incl

CVE-2026-9223 Monitor

4.3 May 22

Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged

CVE-2026-9246 This Week

4.3 May 22

Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated

CVE-2026-9248 Monitor

2.6 May 22

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write acce

CVE-2026-8052 vulnerability details – vuln.today

Back

Hashicorp CVE-2026-8052

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code