CVE-2026-14373
Received Received - Intake

Privilege Escalation in HashiCorp Nomad via Docker Host Namespace

Vulnerability report for CVE-2026-14373, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: HashiCorp Inc.

Description

HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other workloads on the same client. This vulnerability, CVE-2026-14373, is fixed in Nomad Community Edition 2.0.4 and Nomad Enterprise 2.0.4, 1.11.8, and 1.10.14.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 8 associated CPEs
Vendor Product Version / Range
hashicorp nomad 2.0.4
hashicorp nomad_enterprise 2.0.4
hashicorp nomad_enterprise 1.11.8
hashicorp nomad_enterprise 1.10.14
hashicorp nomad 1.11.8
hashicorp nomad 1.10.14
hashicorp nomad to 2.0.4 (exc)
hashicorp nomad_enterprise to 2.0.4 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-14373 is a vulnerability in HashiCorp Nomad and Nomad Enterprise where the Docker task driver did not properly enforce the allow_privileged restriction for host namespace mode options on Linux.

This flaw allows an authenticated job submitter to run a container in the host's namespace, which means the container can access information belonging to the host system or other workloads running on the same client.

Detection Guidance

Detection of this vulnerability involves identifying whether your Nomad environment is running a vulnerable version (up to 2.0.3) and if Docker task driver jobs are being submitted with host namespace mode options without enforcement of the allow_privileged restriction.

You can check the Nomad version by running the command:

  • nomad version

To detect if any jobs are using the Docker driver with host namespace mode options, you can inspect running jobs or job specifications for Docker tasks that request host namespaces.

For example, you might use Nomad CLI commands to list jobs and inspect their task configurations:

  • nomad job status
  • nomad job inspect <job_id>

Look specifically for Docker tasks with host namespace mode options enabled, which may indicate potential exploitation or risk.

Mitigation Strategies

The primary mitigation step is to upgrade Nomad or Nomad Enterprise to a fixed version: 2.0.4, 1.11.8, or 1.10.14.

If upgrading is not immediately possible, Nomad Enterprise users can implement a Sentinel policy to restrict the use of host namespaces for Docker tasks, preventing authenticated job submitters from running containers in host namespaces.

Additionally, review and restrict job submission permissions to trusted users only, minimizing the risk of exploitation.

Impact Analysis

If exploited, this vulnerability can allow an authenticated user who can submit jobs to run containers with elevated access to the host's namespace.

This can lead to unauthorized access to sensitive information on the host or other workloads, potentially compromising confidentiality.

Compliance Impact

The vulnerability allows an authenticated job submitter to run a container in a host namespace and access sensitive information belonging to the host or other workloads on the same client. This unauthorized access to sensitive information could potentially lead to non-compliance with data protection standards and regulations such as GDPR and HIPAA, which require strict controls over access to personal and sensitive data.

However, the provided information does not explicitly detail the impact on compliance frameworks or specific regulatory requirements.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14373. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart