3 matches found
CVE-2026-39860
A flaw was found in Nix. This vulnerability allows local users, who can submit builds to the Nix daemon, to create a symbolic link symlink during the output registration process of fixed-output derivations. The Nix process, running with elevated privileges, would then follow this symlink, leading...
CVE-2026-39860
Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds typically the Nix daemon running as root in multi-user installations by following symlinks during...
PT-2026-31315
Name of the Vulnerable Software and Affected Versions Nix versions prior to 2.34.5 Nix versions prior to 2.33.4 Nix versions prior to 2.32.7 Nix versions prior to 2.31.4 Nix versions prior to 2.30.4 Nix versions prior to 2.29.3 Nix versions prior to 2.28.6 Description A flaw exists in the fix for...