PT-2026-31315 · Nix · Nix

Published 2026-04-07 · Updated 2026-04-17 · CVE-2026-39860

CVSS v3.1: 9.0 (Critical)

Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Nix versions prior to 2.34.5
Nix versions prior to 2.33.4
Nix versions prior to 2.32.7
Nix versions prior to 2.31.4
Nix versions prior to 2.30.4
Nix versions prior to 2.29.3
Nix versions prior to 2.28.6
Description

A flaw in the fix for a previous issue allows arbitrary overwrites of any file writable by the Nix process. This matters most in multi-user installations, where the Nix daemon runs as root. Sandboxed Linux builds are affected; sandboxed macOS builds are not. The vulnerability arises because a build can create symlinks pointing to arbitrary filesystem locations that are then processed during build output registration. When the Nix process follows these symlinks, it can overwrite the targets, so an unprivileged user able to run builds could modify sensitive files and gain root privileges.
Recommendations

Update to Nix version 2.34.5 or later.
Update to Nix version 2.33.4 or later.
Update to Nix version 2.32.7 or later.
Update to Nix version 2.31.4 or later.
Update to Nix version 2.30.4 or later.
Update to Nix version 2.29.3 or later.
Update to Nix version 2.28.6 or later.

Fix

LPE

Weakness Enumeration

Related Identifiers

BDU:2026-05268
CVE-2026-39860

Affected Products

Nix