hashicorp nomad Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of hashicorp nomad's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical1

High8

Medium10

Low3

16 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

None of hashicorp nomad's CVEs are currently listed in CISA's KEV catalog.

Public exploits

No hashicorp nomad CVEs currently have a tracked public exploit.

Affected versions and CVEs

Browse every hashicorp nomad version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

v0.6.111 CVEs
v0.6.211 CVEs
v0.6.3-rc111 CVEs
v0.7.011 CVEs
v0.7.0-rc111 CVEs
v0.7.0-rc211 CVEs
v0.7.0-rc311 CVEs
v0.7.111 CVEs
v0.7.1-rc111 CVEs
v0.7.1-rc1+pro11 CVEs
v0.7.1+pro11 CVEs
v0.8.011 CVEs
v0.8.0-rc111 CVEs
v0.8.0-rc1+pro11 CVEs
v0.8.0+pro11 CVEs
v0.8.211 CVEs
v0.8.311 CVEs
v0.8.411 CVEs
v0.8.4-rc111 CVEs
v0.9.011 CVEs
v0.9.0-beta111 CVEs
v0.9.0-beta211 CVEs
v0.9.0-beta311 CVEs
v0.9.0-rc111 CVEs
v0.9.0-rc211 CVEs
v0.9.211 CVEs
v0.9.2-rc111 CVEs
v0.9.311 CVEs
v0.9.411 CVEs
v0.9.4-rc111 CVEs
v0.10.010 CVEs
v0.10.0-beta110 CVEs
v0.10.0-rc110 CVEs
v0.10.110 CVEs
v0.10.210 CVEs
v0.10.2-rc110 CVEs
v0.5.010 CVEs
v0.5.110 CVEs
v0.5.1-rc110 CVEs
v0.5.1-rc210 CVEs
v0.5.210 CVEs
v0.5.2-rc110 CVEs
v0.5.310 CVEs
v0.5.3-rc110 CVEs
v0.5.410 CVEs
v0.5.510 CVEs
v0.5.5-rc110 CVEs
v0.5.5-rc210 CVEs
v0.5.610 CVEs
v0.5.6-rc110 CVEs
v0.6.010 CVEs
v0.6.0-rc110 CVEs
v0.6.0-rc210 CVEs
v1.1.010 CVEs
v1.1.210 CVEs
v1.1.310 CVEs
v1.2.010 CVEs
v0.12.09 CVEs
v0.12.19 CVEs
v0.12.29 CVEs
v0.12.39 CVEs
v0.12.49 CVEs
v0.12.4-rc19 CVEs
v0.3.09 CVEs
v0.3.19 CVEs
v0.3.29 CVEs
v0.3.2-rc19 CVEs
v0.3.2-rc29 CVEs
v0.4.09 CVEs
v0.4.0-rc19 CVEs
v0.4.0-rc29 CVEs
v0.4.19 CVEs
v0.4.1-rc19 CVEs
v0.5.0-rc19 CVEs
v0.5.0-rc29 CVEs
v1.2.19 CVEs
v1.2.29 CVEs
v1.2.39 CVEs
v1.2.49 CVEs
v1.2.59 CVEs
v1.0.28 CVEs
v1.0.38 CVEs
show7 CVEs
v0.11.27 CVEs
v0.12.0-rc17 CVEs
v0.2.07 CVEs
v0.2.17 CVEs
v0.2.27 CVEs
v0.2.37 CVEs
v0.2.3-rc17 CVEs
v0.3.0-rc27 CVEs
v0.3rc17 CVEs
v1.1.0-rc17 CVEs
v0.0.06 CVEs
v0.1.06 CVEs
v0.1.16 CVEs
v0.1.26 CVEs
v1.2.66 CVEs
v1.3.0-beta.16 CVEs
v1.5.05 CVEs
v1.4.0-beta.14 CVEs
v1.5.14 CVEs
v1.5.24 CVEs
v1.9.04 CVEs
v1.9.14 CVEs
v1.3.03 CVEs
v1.4.03 CVEs
v1.5.33 CVEs
v1.5.43 CVEs
v1.5.53 CVEs
v1.5.63 CVEs
v1.8.03 CVEs
v1.8.13 CVEs
v1.8.23 CVEs
v1.9.23 CVEs
v1.9.33 CVEs
1.4.02 CVEs
1.4.12 CVEs
ent-changelog-1.8.52 CVEs
v0.12.52 CVEs
v1.3.0-rc.12 CVEs
v1.3.12 CVEs
v1.3.22 CVEs
v1.3.32 CVEs
v1.3.42 CVEs
v1.3.52 CVEs
v1.4.0-rc.12 CVEs
v1.5.0-beta.12 CVEs
v1.8.32 CVEs
v1.8.42 CVEs
v1.9.52 CVEs
ent-changelog-1.8.71 CVE
ent-changelog-1.8.91 CVE
v0.10.41 CVE
v0.12.61 CVE
v0.12.71 CVE
v1.0.41 CVE
v1.10.01 CVE
v1.10.11 CVE
v1.2.101 CVE
v1.2.111 CVE
v1.2.121 CVE
v1.2.71 CVE
v1.2.81 CVE
v1.2.91 CVE
v1.3.61 CVE
v1.3.71 CVE
v1.3.81 CVE
v1.3.91 CVE
v1.4.11 CVE
v1.4.21 CVE
v1.4.31 CVE
v1.4.41 CVE
v1.5.0-rc.11 CVE
v1.5.131 CVE
v1.6.61 CVE
v1.7.0-beta.21 CVE
v1.7.31 CVE
v1.8.0-beta.11 CVE
v1.8.0-rc.11 CVE
v1.9.61 CVE

Fixed in

1.1.124 CVEs
1.2.64 CVEs
8469293aa07056a0f8682e76716e12f0178fe4c84 CVEs
95514d569610f15ce49b4a7a1a6bfd3e7b3e7b4f4 CVEs
1.0.183 CVEs
7eb2ad21ae4a0a001cb89be92564fca09b1132e53 CVEs
> 1.5.62 CVEs
0.10.32 CVEs
2.0.12 CVEs
74e08d5af48918120c48a74b44d0860905770b822 CVEs
> 1.2.151 CVE
> 1.3.81 CVE
> 1.4.11 CVE

Find a version

38 CVEs

Sort

Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution
CVE-2026-7474
Patch
CWE-22
High · CVSS 8.8
EPSS 0.0% (12th pct)2026-05-12
Nomad vulnerable to arbitrary file read/write on client host through symlink attack
CVE-2026-6959
Patch
CWE-59
Medium · CVSS 6.0
EPSS 0.0% (1th pct)2026-05-12
Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job
CVE-2025-4922
Patch
CWE-266
High · CVSS 8.1
EPSS 0.1% (24th pct)2025-06-11
Nomad Vulnerable To Violation Of Mandatory Sentinel Policies in Nomad Job Submissions via Policy Override
CVE-2025-3744
Patch
CWE-266
High · CVSS 7.6
EPSS 0.3% (49th pct)2025-05-13
Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs
CVE-2025-1296
Patch
CWE-532
Medium · CVSS 6.5
EPSS 0.2% (40th pct)2025-03-10
Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace
CVE-2025-0937
Patch
CWE-863
High · CVSS 7.1
EPSS 0.2% (39th pct)2025-02-12
Medium vulnerability · 2024-12-20
CVE-2024-12678
Patch
CWE-266
Medium · CVSS 6.5
EPSS 0.4% (62th pct)2024-12-20
High vulnerability · 2024-11-07
CVE-2024-10975
Patch
CWE-863
High · CVSS 7.7
EPSS 0.2% (38th pct)2024-11-07
Medium vulnerability · 2024-08-14
CVE-2024-7625
Patch
CWE-610
Medium · CVSS 5.8
EPSS 0.3% (53th pct)2024-08-14
High vulnerability · 2024-07-23
CVE-2024-6717
Patch
CWE-610
High · CVSS 7.7
EPSS 0.3% (53th pct)2024-07-23
High vulnerability · 2024-02-08
CVE-2024-1329
Patch
CWE-59
High · CVSS 7.7
EPSS 0.3% (57th pct)2024-02-08
Medium vulnerability · 2023-07-19
CVE-2023-3300
Patch
CWE-266
Medium · CVSS 5.3
EPSS 0.8% (75th pct)2023-07-19
Low vulnerability · 2023-07-19
CVE-2023-3299
Patch
CWE-201
Low · CVSS 3.4
EPSS 0.3% (57th pct)2023-07-19
Medium vulnerability · 2023-07-19
CVE-2023-3072
Patch
CWE-266
Medium · CVSS 4.1
EPSS 0.1% (17th pct)2023-07-19
Critical vulnerability · 2023-04-05
CVE-2023-1782
Patch
CWE-862
Critical · CVSS 10.0
EPSS 0.5% (65th pct)2023-04-05
Nomad Job Submitter Privilege Escalation Using Workload Identity
CVE-2023-1299
Patch
CWE-862
High · CVSS 7.4
EPSS 0.1% (31th pct)2023-03-14
Nomad ACLs Can Not Deny Access to Workload's Own Variables
CVE-2023-1296
Patch
CWE-682
Low · CVSS 2.7
EPSS 0.2% (38th pct)2023-03-14
Medium vulnerability · 2023-02-16
CVE-2023-0821
Patch
CWE-409
Medium · CVSS 6.5
EPSS 0.5% (64th pct)2023-02-16
Medium vulnerability · 2022-12-26
CVE-2019-14802
Patch
CWE-200
Medium · CVSS 5.3
EPSS 0.2% (47th pct)2022-12-26
Low vulnerability · 2022-11-10
CVE-2022-3867
Patch
CWE-613
Low · CVSS 2.7
EPSS 0.2% (39th pct)2022-11-10
Medium vulnerability · 2022-11-10
CVE-2022-3866
Patch
CWE-668
Medium · CVSS 5.0
EPSS 0.2% (47th pct)2022-11-10
Medium vulnerability · 2022-10-11
CVE-2022-41606
Patch
CWE-20
Medium · CVSS 6.5
EPSS 0.4% (62th pct)2022-10-11
Vulnerability · 2022-05-27
CVE-2022-30324
Patch
Unscored
EPSS 0.4% (62th pct)2022-05-27
Vulnerability · 2022-02-28
CVE-2022-24685
Patch
Unscored
EPSS 0.8% (75th pct)2022-02-28
Vulnerability · 2022-02-17
CVE-2022-24683
Patch
Unscored
EPSS 0.4% (60th pct)2022-02-17
Vulnerability · 2022-02-15
CVE-2022-24684
Patch
Unscored
EPSS 0.8% (75th pct)2022-02-15
Vulnerability · 2022-02-14
CVE-2022-24686
Patch
Unscored
EPSS 0.2% (48th pct)2022-02-14
Vulnerability · 2021-12-03
CVE-2021-43415
Patch
Unscored
EPSS 0.6% (71th pct)2021-12-03
Vulnerability · 2021-10-07
CVE-2021-41865
Patch
Unscored
EPSS 0.5% (65th pct)2021-10-07
Vulnerability · 2021-09-07
CVE-2021-37218
Patch
Unscored
EPSS 0.2% (41th pct)2021-09-07

Showing 30 of 38

Severity and exploitation

hashicorp nomad Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other hashicorp products

Frequently asked questions

How many CVEs does hashicorp nomad have?

How many hashicorp nomad CVEs are in CISA KEV?

Are there public exploits for hashicorp nomad vulnerabilities?

Which versions of hashicorp nomad are affected?

What are the most common weakness types in hashicorp nomad CVEs?

How many critical hashicorp nomad vulnerabilities are there?

What is the average severity of hashicorp nomad CVEs?

References

Track hashicorp nomad vulnerabilities