BotBeat
...
← Back

> ▌

NixNix
POLICY & REGULATIONNix2026-04-07

Critical Privilege Escalation Vulnerability Discovered in Nix Package Manager

Key Takeaways

  • ▸Critical privilege escalation vulnerability (CVE-2026-39860) affects Nix versions 2.21-2.34.4, allowing root-level file writes
  • ▸All users with build submission permissions to the Nix daemon are capable of exploiting this vulnerability by default
  • ▸Patched versions are now available across multiple release branches; immediate updates are strongly recommended
Source:
Hacker Newshttps://discourse.nixos.org/t/nix-security-advisory-privilege-escalation-via-symlink-following-during-fod-output-registration/76900↗

Summary

A critical privilege escalation vulnerability has been discovered in the Nix package manager, affecting versions 2.21 and later through 2.34.4. The vulnerability, identified as CVE-2026-39860 (GHSA-g3g9-5vj6-r3gj), allows any user permitted to submit builds to the Nix daemon to achieve arbitrary file writes as root and subsequent privilege escalation through symlink following during Fixed-Output Derivation (FOD) output registration. This impacts all default configurations of NixOS and systems building untrusted derivations on sandboxed Linux configurations.

The Nix team has released patched versions (2.34.5, 2.33.4, 2.32.7, 2.31.4, 2.30.4, 2.29.3, and 2.28.6) that address the issue. Notably, Lix users are unaffected by this vulnerability. The vulnerability was introduced as part of prior fixes for CVE-2024-27297, and patches for versions 2.31 through 2.34 include additional mitigations to prevent cooperating fixed-output derivations from communicating and passing file descriptors between distinct sandboxes.

  • Lix, an alternative Nix implementation, is unaffected by this vulnerability
  • The issue stems from symlink following during FOD output registration and impacts default NixOS configurations
MLOps & InfrastructureCybersecurityRegulation & Policy

More from Nix

NixNix
PRODUCT LAUNCH

Semiconductor Startup Phoenix Builds Chip Replacements for Critical Legacy Systems

2026-06-16
NixNix
POLICY & REGULATION

South Korea Proposes AI Profit Dividend as Tech Stocks Tumble Amid Wealth Distribution Debate

2026-06-16
NixNix
INDUSTRY REPORT

AI Boom Propels SK Hynix and Micron to $1 Trillion Valuations

2026-05-27

Comments

Suggested

Google / AlphabetGoogle / Alphabet
POLICY & REGULATION

German Court Rules Google Liable for AI Search Summaries, Reshaping AI Accountability

2026-07-07
MicrosoftMicrosoft
RESEARCH

First AI-Executed Ransomware Attack Shows Frontier Model Safety Measures Holding Up

2026-07-07
Mobile Dev Inc.Mobile Dev Inc.
UPDATE

Maestro Brings Agentic AI Capabilities to Mobile UI Testing

2026-07-07
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us