Question 1

What is CVE-2022-41606 — CVE-2022-41606?

Accepted Answer

HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.

Question 2

What is the authoritative source for CVE-2022-41606?

Accepted Answer

CVE-2022-41606 (CVE-2022-41606) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	6.5 ()
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS	0.72% probability of exploitation · percentile 48.9% · 2026-06-19T12:03:05Z
Last modified	2026-06-17

CVE-2022-41606CVE-2022-41606

Description

Scoring