An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 (introduced in 2.24.7);
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44029.json",
"cwe_ids": [
"CWE-36"
],
"cna_assigner": "mitre"
}{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "2.24.7"
},
{
"fixed": "2.28.7"
},
{
"introduced": "2.29.0"
},
{
"fixed": "2.29.4"
},
{
"introduced": "2.30.0"
},
{
"fixed": "2.30.5"
},
{
"introduced": "2.31.0"
},
{
"fixed": "2.31.5"
},
{
"introduced": "2.32.0"
},
{
"fixed": "2.32.8"
},
{
"introduced": "2.33.0"
},
{
"fixed": "2.33.6"
},
{
"introduced": "2.34.0"
},
{
"fixed": "2.34.7"
}
]
}