CVE-2026-61828

NixOS · nixpkgs

Nixpkgs contains an incorrect default permissions vulnerability that may expose sensitive files or system components to unauthorized access.

Executive summary

Nixpkgs versions within the specified ranges suffer from incorrect default permissions, which could lead to unauthorized access to sensitive system information.

Vulnerability

The vulnerability stems from incorrect default permissions assigned to software packages. This issue can be exploited by an authenticated local user to gain unauthorized access to system files or escalate privileges.

Business impact

Successful exploitation could result in a total compromise of the affected system's security posture. With a CVSS score of 8.5, this vulnerability represents a severe risk to environments relying on Nixpkgs for software deployment, as local users could potentially bypass system restrictions.

Remediation

Immediate Action: Update the Nixpkgs collection to a secure version as directed by the official NixOS security advisory.

Proactive Monitoring: Regularly audit file system permissions for critical packages and monitor for unauthorized attempts to access restricted directories by non-privileged users.

Compensating Controls: Employ system-level hardening and the principle of least privilege to ensure that local users have restricted access to sensitive software environments.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the potential for system-wide impact, it is imperative that administrators using Nixpkgs apply the relevant security updates immediately. Ensure all package channels are synchronized with the latest secure versions to prevent exploitation of these permission flaws.