Nomad 2.0.1, Nomad Enterprise 2.0.1+ent, 1.11.5+ent, and 1.10.11+ent released

tgross · May 12, 2026, 6:58pm

The Nomad team has released Nomad 2.0.1!

The release includes critical security patches:

A patch to logmon setup that prevents a task from swapping logmon’s files out for symlinks. For a full description of the vulnerability, refer to bulletinHCSEC-14. We have issued CVE-2026-6959 for this bug.
A patch to Dynamic Host Volume creation that prevents an authorized user from running arbitrary executables on the host. For a full description of the vulnerability, refer to bulletinHCSEC-15. We have issuedCVE-2026-7474 for this bug.

We’re also releasing a new version of the exec2 driver, v0.1.2. This fixes the logmon symlink vulnerability for the exec2 driver. We have issued CVE-2026-8052 for this bug. For a full description of the exec2 vulnerability, refer tobulletinHCSEC-2026-13. Other external task drivers do not need additional patches.

The Nomad 2.0.1 release also includes a number of improvements and bug fixes, and minor security patches.

Added opt-in monitoring to the job dispatch command.
Registering a job that has a service block now emits a warning if no tasks have a shutdown_delay.
The allocation logs directory is now mounted read-only for task drivers that support filesystem isolation.
Added a new scheduler configuration option to allow tuning performance vs accuracy of spread/affinity blocks.
Fixed a bug where soft-mandatory Sentinel policies on volumes did not require sentinel-override ACL capability to override.

Please refer to the changelog for the complete list of improvements and bug fixes. We are also releasing backports of security fixes and bug fixes to Nomad Enterprise v1.11.5+ent and v1.10.11+ent.

Please read the upgrade guide for notes around upgrading and remember that downgrading is not supported. Please do not hesitate tofile an issue on GitHubif you encounter any issues.

Thanks,

The Nomad Team

2.0.1 Binaries - https://releases.hashicorp.com/nomad/2.0.1/

2.0.1 Changelog - https://github.com/hashicorp/nomad/releases/tag/v2.0.1

2.0.1 Release notes - https://developer.hashicorp.com/nomad/docs/release-notes/nomad/v2-0-x

Topic	Replies	Views
HCSEC-2026-13 - Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack Security security-nomad	28	May 12, 2026
Nomad 1.5.1, 1.4.6, and 1.3.11 released Release Notifications nomad-release , nomad	482	March 13, 2023
Nomad driver exec2 v0.1.1 released Nomad	53	October 23, 2025
Nomad 1.2.6, 1.1.12, and 1.0.18 Released Release Notifications nomad-release	870	February 10, 2022
Nomad 1.4.2, 1.3.7, and 1.2.14 released Release Notifications nomad-release	441	October 27, 2022

Nomad 2.0.1, Nomad Enterprise 2.0.1+ent, 1.11.5+ent, and 1.10.11+ent released

Related topics