DigiNews

Tech Watch by Johan Denoyer


Nix security advisory: Privilege escalation via symlink following during FOD output registration

Quality: 8/10 Relevance: 9/10

Summary

A vulnerability in the Nix daemon allows arbitrary file writes as root through symlink following during fixed-output derivation (FOD) output registration. It affects multi-user configurations and untrusted derivations. The issue (CVE-2026-39860, GHSA-g3g9-5vj6-r3gj) affects Nix versions back to 2.21; multiple patched releases are available, and the patches are being rolled into nixpkgs. Upgrading to a patched version and applying the related mitigations is strongly recommended for affected environments.
