Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2026-26365
4.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
updated 3 weeks, 6 days ago by @mweinelt Activity log
  • Created automatic suggestion 3 weeks, 6 days ago
  • @mweinelt removed
    23 packages
    • ghost
    • ghostie
    • ghostty
    • ghost-cli
    • ghostfolio
    • ghostunnel
    • ghostscript
    • ghosttohugo
    • ghostty-bin
    • ghostscriptX
    • ghostscript_headless
    • libsForQt5.ghostwriter
    • kdePackages.ghostwriter
    • plasma5Packages.ghostwriter
    • haskellPackages.ghost-buster
    • python312Packages.ghostscript
    • python313Packages.ghostscript
    • python314Packages.ghostscript
    • tests.texlive.dvipng.ghostscript
    • haskellPackages.ghostscript-parallel
    • tree-sitter-grammars.tree-sitter-ghostty
    • python313Packages.tree-sitter-grammars.tree-sitter-ghostty
    • python314Packages.tree-sitter-grammars.tree-sitter-ghostty
    3 weeks, 6 days ago
  • @mweinelt dismissed 3 weeks, 6 days ago
Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles …

Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the Akamai processing path. This could result in the origin server parsing the request body incorrectly, leading to HTTP request smuggling.

References

Affected products

Ghost
  • <2026-02-06
Ignored packages (23) 
Cloud service, not in nixpkgs.