Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 09 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Hashicorp
Hashicorp nomad Hashicorp nomad Enterprise |
|
| Vendors & Products |
Hashicorp
Hashicorp nomad Hashicorp nomad Enterprise |
Wed, 08 Jul 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This vulnerability, CVE-2026-14896, is fixed in Nomad Community Edition 2.0.4 and Nomad Enterprise 2.0.4, 1.11.8, and 1.10.14. | |
| Title | Nomad vulnerable to cross-namespace host volume claim deletion | |
| Weaknesses | CWE-863 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: HashiCorp
Published:
Updated: 2026-07-09T13:40:15.017Z
Reserved: 2026-07-06T18:35:49.618Z
Link: CVE-2026-14896
Updated: 2026-07-09T13:40:10.321Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-09T04:15:12Z