Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typically the Nix daemon running as root in multi-user installations) by following symlinks during fixed-output derivation output registration. This affects sandboxed Linux builds - sandboxed macOS builds are unaffected. The location of the temporary output used for the output copy was located inside the build chroot. A symlink, pointing to an arbitrary location in the filesystem, could be created by the derivation builder at that path. During output registration, the Nix process (running in the host mount namespace) would follow that symlink and overwrite the destination with the derivation's output contents. In multi-user installations, this allows all users able to submit builds to the Nix daemon (allowed-users - defaulting to all users) to gain root privileges by modifying sensitive files. This vulnerability is fixed in 2.34.5, 2.33.4, 2.32.7, 2.31.4, 2.30.4, 2.29.3, and 2.28.6.
This vulnerability carries a CRITICAL severity rating with a CVSS v3.1 score of 9.0, requiring local system access to exploit with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), for affected systems. Impacting 2 products from nixos, from linux organizations running these solutions should prioritize assessment and patching.
Reported in 2026, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.
2026-04-08T21:17:00.157
2026-04-15T16:12:21.480
Analyzed
CVSSv3.1: 9.0 (CRITICAL)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | nixos | nix | ≤ 2.18.9 | Yes |
| Application | nixos | nix | ≤ 2.19.7 | Yes |
| Application | nixos | nix | ≤ 2.20.9 | Yes |
| Application | nixos | nix | < 2.28.6 | Yes |
| Application | nixos | nix | < 2.29.3 | Yes |
| Application | nixos | nix | < 2.30.4 | Yes |
| Application | nixos | nix | < 2.31.4 | Yes |
| Application | nixos | nix | < 2.32.7 | Yes |
| Application | nixos | nix | < 2.33.4 | Yes |
| Application | nixos | nix | < 2.34.5 | Yes |
| Operating System | linux | linux_kernel | - | No |
SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For nixos's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.