CVE-2026-44029

Source
https://cve.org/CVERecord?id=CVE-2026-44029
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44029.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-44029
Aliases
  • GHSA-gr92-w2r5-qw5p
Downstream
Published
2026-05-05T00:51:05.533Z
Modified
2026-07-08T08:13:28.318964635Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 (introduced in 2.24.7);

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44029.json",
    "cwe_ids": [
        "CWE-36"
    ],
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/nixos/nix

Affected ranges

Type
GIT
Repo
https://github.com/nixos/nix
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "2.24.7"
        },
        {
            "fixed": "2.28.7"
        },
        {
            "introduced": "2.29.0"
        },
        {
            "fixed": "2.29.4"
        },
        {
            "introduced": "2.30.0"
        },
        {
            "fixed": "2.30.5"
        },
        {
            "introduced": "2.31.0"
        },
        {
            "fixed": "2.31.5"
        },
        {
            "introduced": "2.32.0"
        },
        {
            "fixed": "2.32.8"
        },
        {
            "introduced": "2.33.0"
        },
        {
            "fixed": "2.33.6"
        },
        {
            "introduced": "2.34.0"
        },
        {
            "fixed": "2.34.7"
        }
    ]
}

Affected versions

2.*
2.29.0
2.29.1
2.29.2
2.29.3
2.30.0
2.30.1
2.30.2
2.30.3
2.30.4
2.31.0
2.31.1
2.31.2
2.31.3
2.31.4
2.32.0
2.32.1
2.32.2
2.32.3
2.32.4
2.32.5
2.32.6
2.32.7
2.33.0
2.33.1
2.33.2
2.33.3
2.33.4
2.33.5
2.34.0
2.34.1
2.34.2
2.34.3
2.34.4
2.34.5
2.34.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44029.json"