Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-40947

2.9 LOW

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

updated 1 week, 6 days ago by @LeSuisse Activity log

Created suggestion 1 week, 6 days ago
@LeSuisse ignored package yubikey-manager 1 week, 6 days ago
@LeSuisse dismissed (not in Nixpkgs) 1 week, 6 days ago

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before …

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.

References

https://www.yubico.com/support/security-advisories/ysa-2026-01/

Affected products

libfido2

<1.17.0

python-fido2

<2.2.0

yubikey-manager

<5.9.1

Matching in nixpkgs

pkgs.libfido2

Provides library functionality for FIDO 2.0, including communication with a device over USB.

nixos-unstable 1.16.0
- nixpkgs-unstable 1.16.0
- nixos-unstable-small 1.16.0
nixos-25.11 1.16.0
- nixos-25.11-small 1.16.0
- nixpkgs-25.11-darwin 1.16.0

Ignored packages (1)

pkgs.yubikey-manager

Command line tool for configuring any YubiKey over all USB transports

nixos-unstable 5.9.0
- nixpkgs-unstable 5.9.0
- nixos-unstable-small 5.9.0
nixos-25.11 5.8.0
- nixos-25.11-small 5.8.0
- nixpkgs-25.11-darwin 5.8.0

Package maintainers

@prusnak Pavol Rusnak <pavol@rusnak.io>

Windows only