NIXPKGS-2026-0335

GitHub issue published on 26 Feb 2026

Permalink CVE-2026-0777

updated 3 weeks, 3 days ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
31 packages
- libmaxminddb
- phpExtensions.maxminddb
- python312Packages.xmind
- python313Packages.xmind
- python314Packages.xmind
- dotnetPackages.MaxMindDb
- php81Extensions.maxminddb
- php82Extensions.maxminddb
- php83Extensions.maxminddb
- php84Extensions.maxminddb
- php85Extensions.maxminddb
- python312Packages.maxminddb
- python313Packages.maxminddb
- python314Packages.maxminddb
- dotnetPackages.MaxMindGeoIP2
- perlPackages.MaxMindDBCommon
- perlPackages.MaxMindDBReader
- perlPackages.MaxMindDBWriter
- perl5Packages.MaxMindDBCommon
- perl5Packages.MaxMindDBReader
- perl5Packages.MaxMindDBWriter
- perlPackages.MaxMindDBReaderXS
- perl538Packages.MaxMindDBCommon
- perl538Packages.MaxMindDBReader
- perl538Packages.MaxMindDBWriter
- perl540Packages.MaxMindDBCommon
- perl540Packages.MaxMindDBReader
- perl540Packages.MaxMindDBWriter
- perl5Packages.MaxMindDBReaderXS
- perl538Packages.MaxMindDBReaderXS
- perl540Packages.MaxMindDBReaderXS
3 weeks, 3 days ago
@LeSuisse accepted 3 weeks, 3 days ago
@LeSuisse published on GitHub 3 weeks, 3 days ago

Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability

Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of attachments. When opening an attachment, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to execute code in the context of current user. Was ZDI-CAN-26034.

References

ZDI-26-069 x_research-advisory

Affected products

Xmind

==24.10.01101-202410202317

Matching in nixpkgs

pkgs.xmind

All-in-one thinking tool featuring mind mapping, AI generation, and real-time collaboration

nixos-unstable 26.01.03145-202510170359
- nixpkgs-unstable 26.01.03145-202510170359
- nixos-unstable-small 26.01.03145-202510170359
nixos-25.11 25.07.03033-202507241842
- nixos-25.11-small 25.07.03033-202507241842
- nixpkgs-25.11-darwin 25.07.03033-202507241842

Ignored packages (31)

pkgs.libmaxminddb

C library for working with MaxMind geolocation DB files

nixos-unstable 1.12.2
- nixpkgs-unstable 1.12.2
- nixos-unstable-small 1.12.2
nixos-25.11 1.12.2
- nixos-25.11-small 1.12.2
- nixpkgs-25.11-darwin 1.12.2

pkgs.phpExtensions.maxminddb

C extension that is a drop-in replacement for MaxMind\Db\Reader

nixos-unstable 1.13.1
- nixpkgs-unstable 1.13.1
- nixos-unstable-small 1.13.1
nixos-25.11 1.12.1
- nixos-25.11-small 1.12.1
- nixpkgs-25.11-darwin 1.12.1

pkgs.python312Packages.xmind

Python module to create mindmaps

nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.python313Packages.xmind

Python module to create mindmaps

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0
nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.python314Packages.xmind

Python module to create mindmaps

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.dotnetPackages.MaxMindDb

None

nixos-unstable 1.1.0.0
- nixpkgs-unstable 1.1.0.0
- nixos-unstable-small 1.1.0.0
nixos-25.11 1.1.0.0
- nixos-25.11-small 1.1.0.0
- nixpkgs-25.11-darwin 1.1.0.0

pkgs.php81Extensions.maxminddb

C extension that is a drop-in replacement for MaxMind\Db\Reader

pkgs.php82Extensions.maxminddb

C extension that is a drop-in replacement for MaxMind\Db\Reader

nixos-unstable 1.13.1
- nixpkgs-unstable 1.13.1
- nixos-unstable-small 1.13.1
nixos-25.11 1.12.1
- nixos-25.11-small 1.12.1
- nixpkgs-25.11-darwin 1.12.1

pkgs.php83Extensions.maxminddb

C extension that is a drop-in replacement for MaxMind\Db\Reader

nixos-unstable 1.13.1
- nixpkgs-unstable 1.13.1
- nixos-unstable-small 1.13.1
nixos-25.11 1.12.1
- nixos-25.11-small 1.12.1
- nixpkgs-25.11-darwin 1.12.1

pkgs.php84Extensions.maxminddb

C extension that is a drop-in replacement for MaxMind\Db\Reader

nixos-unstable 1.13.1
- nixpkgs-unstable 1.13.1
- nixos-unstable-small 1.13.1
nixos-25.11 1.12.1
- nixos-25.11-small 1.12.1
- nixpkgs-25.11-darwin 1.12.1

pkgs.php85Extensions.maxminddb

C extension that is a drop-in replacement for MaxMind\Db\Reader

nixos-unstable 1.13.1
- nixpkgs-unstable 1.13.1
- nixos-unstable-small 1.13.1
nixos-25.11 1.12.1
- nixos-25.11-small 1.12.1
- nixpkgs-25.11-darwin 1.12.1

pkgs.python312Packages.maxminddb

Reader for the MaxMind DB format

nixos-25.11 2.8.2
- nixos-25.11-small 2.8.2
- nixpkgs-25.11-darwin 2.8.2

pkgs.python313Packages.maxminddb

Reader for the MaxMind DB format

nixos-unstable 2.8.2
- nixpkgs-unstable 2.8.2
- nixos-unstable-small 2.8.2
nixos-25.11 2.8.2
- nixos-25.11-small 2.8.2
- nixpkgs-25.11-darwin 2.8.2

pkgs.python314Packages.maxminddb

Reader for the MaxMind DB format

nixos-unstable 2.8.2
- nixpkgs-unstable 2.8.2
- nixos-unstable-small 2.8.2

pkgs.dotnetPackages.MaxMindGeoIP2

None

nixos-unstable 2.3.1
- nixpkgs-unstable 2.3.1
- nixos-unstable-small 2.3.1
nixos-25.11 2.3.1
- nixos-25.11-small 2.3.1
- nixpkgs-25.11-darwin 2.3.1

pkgs.perlPackages.MaxMindDBCommon

Code shared by the MaxMind DB reader and writer modules

nixos-unstable 0.040001
- nixpkgs-unstable 0.040001
- nixos-unstable-small 0.040001
nixos-25.11 0.040001
- nixos-25.11-small 0.040001
- nixpkgs-25.11-darwin 0.040001

pkgs.perlPackages.MaxMindDBReader

Read MaxMind DB files and look up IP addresses

nixos-unstable 1.000014
- nixpkgs-unstable 1.000014
- nixos-unstable-small 1.000014
nixos-25.11 1.000014
- nixos-25.11-small 1.000014
- nixpkgs-25.11-darwin 1.000014

pkgs.perlPackages.MaxMindDBWriter

Create MaxMind DB database files

nixos-unstable 0.300003
- nixpkgs-unstable 0.300003
- nixos-unstable-small 0.300003
nixos-25.11 0.300003
- nixos-25.11-small 0.300003
- nixpkgs-25.11-darwin 0.300003

pkgs.perl5Packages.MaxMindDBCommon

Code shared by the MaxMind DB reader and writer modules

nixos-unstable 0.040001
- nixpkgs-unstable 0.040001
- nixos-unstable-small 0.040001

pkgs.perl5Packages.MaxMindDBReader

Read MaxMind DB files and look up IP addresses

nixos-unstable 1.000014
- nixpkgs-unstable 1.000014
- nixos-unstable-small 1.000014

pkgs.perl5Packages.MaxMindDBWriter

Create MaxMind DB database files

nixos-unstable 0.300003
- nixpkgs-unstable 0.300003
- nixos-unstable-small 0.300003

pkgs.perlPackages.MaxMindDBReaderXS

Fast XS implementation of MaxMind DB reader

nixos-unstable 1.000009
- nixpkgs-unstable 1.000009
- nixos-unstable-small 1.000009
nixos-25.11 1.000009
- nixos-25.11-small 1.000009
- nixpkgs-25.11-darwin 1.000009

pkgs.perl538Packages.MaxMindDBCommon

Code shared by the MaxMind DB reader and writer modules

nixos-25.11 0.040001
- nixos-25.11-small 0.040001
- nixpkgs-25.11-darwin 0.040001

pkgs.perl538Packages.MaxMindDBReader

Read MaxMind DB files and look up IP addresses

nixos-25.11 1.000014
- nixos-25.11-small 1.000014
- nixpkgs-25.11-darwin 1.000014

pkgs.perl538Packages.MaxMindDBWriter

Create MaxMind DB database files

nixos-25.11 0.300003
- nixos-25.11-small 0.300003
- nixpkgs-25.11-darwin 0.300003

pkgs.perl540Packages.MaxMindDBCommon

Code shared by the MaxMind DB reader and writer modules

nixos-25.11 0.040001
- nixos-25.11-small 0.040001
- nixpkgs-25.11-darwin 0.040001

pkgs.perl540Packages.MaxMindDBReader

Read MaxMind DB files and look up IP addresses

nixos-25.11 1.000014
- nixos-25.11-small 1.000014
- nixpkgs-25.11-darwin 1.000014

pkgs.perl540Packages.MaxMindDBWriter

Create MaxMind DB database files

nixos-25.11 0.300003
- nixos-25.11-small 0.300003
- nixpkgs-25.11-darwin 0.300003

pkgs.perl5Packages.MaxMindDBReaderXS

Fast XS implementation of MaxMind DB reader

nixos-unstable 1.000009
- nixpkgs-unstable 1.000009
- nixos-unstable-small 1.000009

pkgs.perl538Packages.MaxMindDBReaderXS

Fast XS implementation of MaxMind DB reader

nixos-25.11 1.000009
- nixos-25.11-small 1.000009
- nixpkgs-25.11-darwin 1.000009

pkgs.perl540Packages.MaxMindDBReaderXS

Fast XS implementation of MaxMind DB reader

nixos-25.11 1.000009
- nixos-25.11-small 1.000009
- nixpkgs-25.11-darwin 1.000009

Package maintainers

@michalrus Michal Rus <m@michalrus.com>

ZDI advisory: https://www.zerodayinitiative.com/advisories/ZDI-26-069/

Apparently mitigated in 26.02

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0335

References

Affected products

Matching in nixpkgs

pkgs.xmind

pkgs.libmaxminddb

pkgs.phpExtensions.maxminddb

pkgs.python312Packages.xmind

pkgs.python313Packages.xmind

pkgs.python314Packages.xmind

pkgs.dotnetPackages.MaxMindDb

pkgs.php81Extensions.maxminddb

pkgs.php82Extensions.maxminddb

pkgs.php83Extensions.maxminddb

pkgs.php84Extensions.maxminddb

pkgs.php85Extensions.maxminddb

pkgs.python312Packages.maxminddb

pkgs.python313Packages.maxminddb

pkgs.python314Packages.maxminddb

pkgs.dotnetPackages.MaxMindGeoIP2

pkgs.perlPackages.MaxMindDBCommon

pkgs.perlPackages.MaxMindDBReader

pkgs.perlPackages.MaxMindDBWriter

pkgs.perl5Packages.MaxMindDBCommon

pkgs.perl5Packages.MaxMindDBReader

pkgs.perl5Packages.MaxMindDBWriter

pkgs.perlPackages.MaxMindDBReaderXS

pkgs.perl538Packages.MaxMindDBCommon

pkgs.perl538Packages.MaxMindDBReader

pkgs.perl538Packages.MaxMindDBWriter

pkgs.perl540Packages.MaxMindDBCommon

pkgs.perl540Packages.MaxMindDBReader

pkgs.perl540Packages.MaxMindDBWriter

pkgs.perl5Packages.MaxMindDBReaderXS

pkgs.perl538Packages.MaxMindDBReaderXS

pkgs.perl540Packages.MaxMindDBReaderXS

Package maintainers