Nixpkgs Security Tracker

Login with GitHub

Details of issue NIXPKGS-2026-0690

NIXPKGS-2026-0690

GitHub issue published on 23 Mar 2026

Permalink CVE-2025-71276

6.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

updated 1 day, 3 hours ago by @LeSuisse Activity log

Created automatic suggestion 1 day, 12 hours ago
@LeSuisse accepted 1 day, 4 hours ago
@LeSuisse published on GitHub 1 day, 3 hours ago

SOGo before 5.12.5 is prone to a XSS vulnerability with …

SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.

References

https://github.com/Alinto/sogo/commit/e9b3f2a43d7557e8416f6749df4ab4f9128af2d1

Affected products

SOGo

<5.12.5

Matching in nixpkgs

pkgs.sogo

Very fast and scalable modern collaboration suite (groupware)

nixos-unstable 5.12.4
- nixpkgs-unstable 5.12.4
- nixos-unstable-small 5.12.4
nixos-25.11 5.12.4
- nixos-25.11-small 5.12.4
- nixpkgs-25.11-darwin 5.12.4

Package maintainers

@jceb Jan Christoph Ebersbach <jceb@e-jc.de>

Upstream patch: https://github.com/Alinto/sogo/commit/e9b3f2a43d7557e8416f6749df4ab4f9128af2d1