PT-2026-36940 · Nix+1

Published: 2026-05-05 · Updated: 2026-05-05 · CVE-2026-44028

CVSS v3.1: 7.5 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
- Nix versions 2.24.4 through 2.34.6
- Lix versions 2.93.0 through 2.95.1
Description: Unbounded recursion in the NAR (Nix Archive) parser can lead to a stack-to-heap overflow when the parser runs on a coroutine stack. Because that coroutine stack is allocated without a guard page, a stack overflow may overwrite adjacent heap memory instead of faulting, potentially allowing arbitrary code execution as the Nix daemon, which runs as root in multi-user installations, provided ASLR (Address Space Layout Randomization) hardening is bypassed. This issue can be exploited by any user capable of connecting to the daemon, such as those permitted via the allowed-users setting.
Recommendations: Update Nix to version 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, or 2.28.7. Update Lix to version 2.95.2, 2.94.2, or 2.93.4.

Fix: available (see Recommendations)

Weakness Enumeration: Uncontrolled Recursion

Related Identifiers: CVE-2026-44028

Affected Products: Lix, Nix