Nixpkgs security tracker
Dismissed
(not in Nixpkgs)
Permalink
CVE-2026-22676
7.8 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
Barracuda RMM < 2025.2.2 Privilege Escalation via Insecure Directory Permissions
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place attacker-controlled files in this directory, which are then executed under the NT AUTHORITY\SYSTEM account during routine automation cycles, typically succeeding within the next execution cycle.
References
-
-
https://www.vulncheck.com/advisories/barracuda-rmm-privilege-escalation-via-ins… third-party-advisory
Affected products
RMM
- <2025.2.2
Matching in nixpkgs
pkgs.parmmg
Distributed parallelization of 3D volume mesh adaptation
pkgs.pkgsRocm.parmmg
Distributed parallelization of 3D volume mesh adaptation
pkgs.gst_all_1.gstreamermm
C++ interface for GStreamer
pkgs.tests.fetchgit.sparseCheckoutNonConeMode
None
-
nixos-unstable i57a8yrmmwhi
- nixpkgs-unstable i57a8yrmmwhi
- nixos-unstable-small i57a8yrmmwhi
Package maintainers
-
@romildo José Romildo Malaquias <malaquias@gmail.com>
-
@mk3z Matias Zwinger <matias+nix@zwinger.fi>