Nomad Exec2 Driver <0.1.2 Arbitrary File Read/Write via Symlink (CVE-2026-8052)
CVE-2026-8052 Published on May 12, 2026

Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack
HashiCorp Nomad's exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the exec2 task driver.

NVD

Weakness Type

What is an insecure temporary file Vulnerability?

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVE-2026-8052 has been classified as an insecure temporary file vulnerability or weakness.
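The weakness class described above, shown as an added Go example beside a hardened form; this is not HashiCorp's code and not the exec2 0.1.2 fix. The function names, the `task/out.log` layout and the file contents are constructed for illustration, and the hardened writer assumes a Unix-like host where `syscall.O_NOFOLLOW` is available.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// writeNaive opens by name only, so a symlink at dir/name redirects the write.
func writeNaive(dir, name string, data []byte) error {
	return os.WriteFile(filepath.Join(dir, name), data, 0o600)
}

// writeNoFollow assumes dir is trusted and refuses a symlink as the final component.
func writeNoFollow(dir, name string, data []byte) error {
	if name != filepath.Base(name) || name == "." || name == ".." {
		return errors.New("name must be a single path component")
	}
	flags := os.O_WRONLY | os.O_CREATE | os.O_TRUNC | syscall.O_NOFOLLOW
	f, err := os.OpenFile(filepath.Join(dir, name), flags, 0o600)
	if err != nil {
		return err // open fails before truncation when name is a symlink
	}
	defer f.Close()
	_, err = f.Write(data)
	return err
}

// demo uses a constructed layout: task/out.log is a symlink to a file outside task/.
// It reports whether each writer changed that outside file.
func demo() (naiveChanged bool, hardenedErr error, hardenedChanged bool) {
	root, _ := os.MkdirTemp("", "symlink-demo")
	defer os.RemoveAll(root)
	taskDir, target := filepath.Join(root, "task"), filepath.Join(root, "host-file")
	os.Mkdir(taskDir, 0o700)
	os.Symlink(target, filepath.Join(taskDir, "out.log"))
	os.WriteFile(target, []byte("original"), 0o600)
	writeNaive(taskDir, "out.log", []byte("task data"))
	got, _ := os.ReadFile(target)
	naiveChanged = string(got) != "original"
	os.WriteFile(target, []byte("original"), 0o600)
	hardenedErr = writeNoFollow(taskDir, "out.log", []byte("task data"))
	got, _ = os.ReadFile(target)
	hardenedChanged = string(got) != "original"
	return
}

func main() { fmt.Println(demo()) }
```

`O_NOFOLLOW` only guards the last path component, which is why the helper rejects names containing separators and treats `dir` as trusted.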


Affected Versions

HashiCorp Shared library: