CNNVD-202602-042 Information

CNNVD ID

CNNVD-202602-042

CVE-2026-25137

  • CNNVD Published: 2026-02-02

Description

Nixpkgs is NixOS's open-source collection of more than 100,000 software packages, which can be installed with the Nix package manager. Nixpkgs 21.11 through versions before 25.11, and versions before 26.05, contain a security vulnerability: the database manager is publicly exposed without authentication, which may lead to unauthorized database access.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

NixOS

Published

2026-02-02

Last Modified

2026-02-24

References

  • https://github.com/NixOS/nixpkgs/pull/485310
  • https://github.com/NixOS/nixpkgs/pull/485454
  • https://github.com/NixOS/nixpkgs/security/advisories/GHSA-cwmq-6wv5-f3px

Patch

https://github.com/NixOS/nixpkgs
