Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0259

NIXPKGS-2026-0259
published 4 months, 1 week ago
Permalink CVE-2026-21878
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 4 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion 4 months, 1 week ago
  • @LeSuisse accepted 4 months, 1 week ago
  • @LeSuisse published on GitHub 4 months, 1 week ago
BACnet Stack Improperly Limits Pathnames to a Restricted Directory

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary directories. This affects apps/readfile/main.c and ports/posix/bacfile-posix.c. This vulnerability is fixed in 1.5.0.rc3.

Affected products

bacnet-stack
  • ==< 1.5.0.rc3

Matching in nixpkgs

pkgs.bacnet-stack

BACnet open source protocol stack for embedded systems, Linux, and Windows

Package maintainers

Unclear from the advisory if it only impacts version >= 1.5.0.rc1 or not.

Upstream advisory: https://github.com/bacnet-stack/bacnet-stack/security/advisories/GHSA-p8rx-c26w-545j
Upstream patch: https://github.com/bacnet-stack/bacnet-stack/commit/c5dc00a77b4bc2550befa67a930b333e299c18f3