CVE-2026-6959

Published: Mag 12, 2026 Last Modified: Mag 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,0

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: high

User Interaction: none

Scope: changed

Confidentiality: none

Integrity: high

Availability: none

Description

AI Translation Available

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-6959) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.

Improper Link Resolution Before File Access ('Link Following')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control Other

Potential Impacts:

Read Files Or Directories Modify Files Or Directories Bypass Protection Mechanism Execute Unauthorized Code Or Commands

Applicable Platforms

Operating Systems: Windows, Unix

Likelihood of Exploit: Medium

View CWE Details

https://discuss.hashicorp.com/t/hcsec-2026-14-nomad-arbitra…

https://discuss.hashicorp.com/t/hcsec-2026-14-nomad-arbitrary-file-read-write-o…

CVE-2026-6959

Description

Improper Link Resolution Before File Access ('Link Following')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter