Bug 2466634 (CVE-2026-44029) - CVE-2026-44029 nix: absolute path traversal when unpacking archives to disk
Summary: CVE-2026-44029 nix: absolute path traversal when unpacking archives to disk
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2026-44029
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2478030 2478031
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-05 02:01 UTC by OSIDB Bzimport
Modified: 2026-05-19 12:31 UTC (History)
0 users

Fixed In Version: nix-2.34.7-2.fc45 nix-2.34.7-2.fc44 nix-2.31.5-1.fc43 nix-2.31.5-1.fc42
Clone Of:
Environment:
Last Closed: 2026-05-16 07:06:55 UTC
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-05-05 02:01:25 UTC
An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 (introduced in 2.24.7);

Comment 3 Jens Petersen 2026-05-16 07:06:55 UTC
Fixed in 2.34.7 and 2.31.5


Note You need to log in before you can comment on or make changes to this bug.