Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2026-25957
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 1 month, 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 2 weeks ago
  • @LeSuisse removed
    40 packages
    • cubeb
    • kmscube
    • pascube
    • musikcube
    • roundcube
    • classicube
    • metacubexd
    • assaultcube
    • stm32cubemx
    • gamecube-tools
    • hyperspeedcube
    • dockapps.wmcube
    • idrisPackages.cube
    • spacenav-cube-example
    • kdePackages.kjumpingcube
    • roundcubePlugins.carddav
    • gnomeExtensions.desktop-cube
    • phpExtensions.ioncube-loader
    • python312Packages.complycube
    • python313Packages.complycube
    • python314Packages.complycube
    • roundcubePlugins.contextmenu
    • roundcubePlugins.custom_from
    • haskellPackages.resistor-cube
    • python312Packages.maxcube-api
    • python313Packages.maxcube-api
    • python314Packages.maxcube-api
    • haskellPackages.marching-cubes
    • php81Extensions.ioncube-loader
    • php82Extensions.ioncube-loader
    • php83Extensions.ioncube-loader
    • php84Extensions.ioncube-loader
    • haskellPackages.marching-cubes2
    • python312Packages.spectral-cube
    • python313Packages.spectral-cube
    • python314Packages.spectral-cube
    • roundcubePlugins.persistent_login
    • roundcubePlugins.thunderbird_labels
    • home-assistant-component-tests.maxcube
    • tests.home-assistant-component-tests.maxcube
    1 month, 1 week ago
  • @LeSuisse dismissed 1 month, 1 week ago
Cube Denial of Service (DoS) - An authenticated attacker can crash the server by sending a specially crafted request

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2.

References

Affected products

cube
  • ==>= 1.1.17, < 1.4.2
  • ==>= 1.5.0, < 1.5.13 
Not present in nixpkgs