CVE-2026-44029

Summary

An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url –unpack" or "nix store prefetch-file –unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 (introduced in 2.24.7);

Affected Software

VendorProductVersion RangeStatus
NixOSNix2.24.7 < 2.28.7affected
NixOSNix2.29.0 < 2.29.4affected
NixOSNix2.30.0 < 2.30.5affected
NixOSNix2.31.0 < 2.31.5affected
NixOSNix2.32.0 < 2.32.8affected
NixOSNix2.33.0 < 2.33.6affected
NixOSNix2.34.0 < 2.34.7affected

Weaknesses

  • CWE-36: CWE-36 Absolute Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References