Nix security advisory: Privilege escalation via symlink following during FOD output registration
Summary
A vulnerability in the Nix daemon allows arbitrary file writes as root via symlink following during fixed-output derivation (FOD) output registration, affecting multi-user configurations and untrusted derivations. The issue (CVE-2026-39860, GHSA-g3g9-5vj6-r3gj) affects Nix versions back to 2.21, and multiple patched releases exist; patches are being rolled into nixpkgs. Upgrading to a patched version and applying the related mitigations is strongly recommended for affected environments.