5 matches found
SUSE CVE-2026-39860
Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds typically the Nix daemon running as root in multi-user installations by following symlinks during...
EUVD-2026-20626
Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds typically the Nix daemon running as root in multi-user installations by following symlinks during...
CVE-2026-39860
CVE-2026-39860 affects Nix, via a bug in the fix for CVE-2024-27297 that allowed arbitrary overwrites of files writable by the Nix build orchestrator (typically the root-running Nix daemon in multi-user setups) by following symlinks during fixed-output derivation output registration. Impact is li...
CVE-2026-39860 Nix sandbox escape: file write via symlink at FOD `.tmp` copy destination
Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds typically the Nix daemon running as root in multi-user installations by following symlinks during...
Nix Security Vulnerabilities
Nix is a powerful package manager from Nix open source. It is used for making packages. A security vulnerability exists in Nix 2.20.3 and earlier versions, which stems from the fact that a fixed-output derivation on Linux can send a file descriptor from Nix storage to another program running on t...