Skip to main content

Nomad Enterprise

1 CVEs product

Monthly

CVE-2026-14373 HIGH PATCH This Week

Host namespace escape in HashiCorp Nomad and Nomad Enterprise lets an authenticated job submitter bypass the allow_privileged control for the Docker task driver, launching containers in host PID/network/IPC namespaces to read data from the host or co-located workloads on the same client node. The flaw stems from missing authorization enforcement (CWE-862) and carries a CVSS 7.7 with a changed scope, reflecting cross-tenant impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Hashicorp Docker Nomad Nomad Enterprise
NVD VulDB
CVSS 3.1
7.7
EPSS
0.2%
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Host namespace escape in HashiCorp Nomad and Nomad Enterprise lets an authenticated job submitter bypass the allow_privileged control for the Docker task driver, launching containers in host PID/network/IPC namespaces to read data from the host or co-located workloads on the same client node. The flaw stems from missing authorization enforcement (CWE-862) and carries a CVSS 7.7 with a changed scope, reflecting cross-tenant impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Hashicorp Docker +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy