Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1151

NIXPKGS-2026-1151

GitHub issue published on

Permalink CVE-2026-41082

7.3 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): HIGH
Availability impact (A): LOW

updated an hour ago by @LeSuisse Activity log

Created automatic suggestion 11 hours ago
@LeSuisse ignored
23 packages
- dopamine
- opam2json
- opam-publish
- opam-installer
- ocamlPackages.opam-core
- ocamlPackages.opam-state
- ocamlPackages.opam-client
- ocamlPackages.opam-format
- ocamlPackages.opam-solver
- ocamlPackages.opam-repository
- ocamlPackages.opam-file-format
- ocamlPackages_latest.opam-core
- ocamlPackages_latest.opam-state
- ocamlPackages.opam-0install-cudf
- ocamlPackages_latest.opam-client
- ocamlPackages_latest.opam-format
- ocamlPackages_latest.opam-solver
- ocamlPackages_latest.opam-repository
- ocamlPackages_latest.opam-file-format
- tree-sitter-grammars.tree-sitter-opam
- ocamlPackages_latest.opam-0install-cudf
- python313Packages.tree-sitter-grammars.tree-sitter-opam
- python314Packages.tree-sitter-grammars.tree-sitter-opam
an hour ago
@LeSuisse accepted an hour ago
@LeSuisse published on GitHub an hour ago

In OCaml opam before 2.5.1, a .install field containing a …

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.

References

Affected products

opam

<2.5.1

Matching in nixpkgs

pkgs.opam

Package manager for OCaml

nixos-unstable 2.5.0
- nixpkgs-unstable 2.5.0
- nixos-unstable-small 2.5.0
nixos-25.11 2.4.1
- nixos-25.11-small 2.4.1
- nixpkgs-25.11-darwin 2.4.1

Ignored packages (23)

pkgs.dopamine

Audio player that keeps it simple

nixos-unstable 3.0.4
- nixpkgs-unstable 3.0.3
- nixos-unstable-small 3.0.4
nixos-25.11 3.0.0
- nixos-25.11-small 3.0.0
- nixpkgs-25.11-darwin 3.0.0

pkgs.opam2json

Convert opam file syntax to JSON

nixos-unstable 0.4
- nixpkgs-unstable 0.4
- nixos-unstable-small 0.4
nixos-25.11 0.4
- nixos-25.11-small 0.4
- nixpkgs-25.11-darwin 0.4

pkgs.opam-publish

Tool to ease contributions to opam repositories

nixos-unstable 2.7.1
- nixpkgs-unstable 2.7.1
- nixos-unstable-small 2.7.1
nixos-25.11 2.7.0
- nixos-25.11-small 2.7.0
- nixpkgs-25.11-darwin 2.7.0

pkgs.opam-installer

Handle (un)installation from opam install files

nixos-unstable 2.5.0
- nixpkgs-unstable 2.5.0
- nixos-unstable-small 2.5.0
nixos-25.11 2.4.1
- nixos-25.11-small 2.4.1
- nixpkgs-25.11-darwin 2.4.1

pkgs.ocamlPackages.opam-core

Small standard library extensions, and generic system interaction modules used by opam

nixos-unstable 2.5.0
- nixpkgs-unstable 2.5.0
- nixos-unstable-small 2.5.0
nixos-25.11 2.4.1
- nixos-25.11-small 2.4.1
- nixpkgs-25.11-darwin 2.4.1

pkgs.ocamlPackages.opam-state

OPAM development library handling the ~/.opam hierarchy, repository and switch states

nixos-unstable 2.5.0
- nixpkgs-unstable 2.5.0
- nixos-unstable-small 2.5.0
nixos-25.11 2.4.1
- nixos-25.11-small 2.4.1
- nixpkgs-25.11-darwin 2.4.1

pkgs.ocamlPackages.opam-client

Actions on the opam root, switches, installations, and front-end

nixos-unstable 2.5.0
- nixpkgs-unstable 2.5.0
- nixos-unstable-small 2.5.0
nixos-25.11 2.4.1
- nixos-25.11-small 2.4.1
- nixpkgs-25.11-darwin 2.4.1

pkgs.ocamlPackages.opam-format

Definition of opam datastructures and its file interface

nixos-unstable 2.5.0
- nixpkgs-unstable 2.5.0
- nixos-unstable-small 2.5.0
nixos-25.11 2.4.1
- nixos-25.11-small 2.4.1
- nixpkgs-25.11-darwin 2.4.1

pkgs.ocamlPackages.opam-solver

This library is based on the Cudf and Dose libraries, and handles calls to the external solver from opam

nixos-unstable 2.5.0
- nixpkgs-unstable 2.5.0
- nixos-unstable-small 2.5.0
nixos-25.11 2.4.1
- nixos-25.11-small 2.4.1
- nixpkgs-25.11-darwin 2.4.1

pkgs.ocamlPackages.opam-repository

OPAM repository and remote sources handling, including curl/wget, rsync, git, mercurial, darcs backends

nixos-unstable 2.5.0
- nixpkgs-unstable 2.5.0
- nixos-unstable-small 2.5.0
nixos-25.11 2.4.1
- nixos-25.11-small 2.4.1
- nixpkgs-25.11-darwin 2.4.1

pkgs.ocamlPackages.opam-file-format

Parser and printer for the opam file syntax

nixos-unstable 2.2.0
- nixpkgs-unstable 2.2.0
- nixos-unstable-small 2.2.0
nixos-25.11 2.2.0
- nixos-25.11-small 2.2.0
- nixpkgs-25.11-darwin 2.2.0

pkgs.ocamlPackages_latest.opam-core

Small standard library extensions, and generic system interaction modules used by opam

nixos-unstable 2.5.0
- nixpkgs-unstable 2.5.0
- nixos-unstable-small 2.5.0

pkgs.ocamlPackages_latest.opam-state

OPAM development library handling the ~/.opam hierarchy, repository and switch states

nixos-unstable 2.5.0
- nixpkgs-unstable 2.5.0
- nixos-unstable-small 2.5.0

pkgs.ocamlPackages.opam-0install-cudf

Opam solver using 0install backend using the CUDF interface

nixos-unstable 0install-cudf-0.5.0
- nixpkgs-unstable 0install-cudf-0.5.0
- nixos-unstable-small 0install-cudf-0.5.0
nixos-25.11 0install-cudf-0.5.0
- nixos-25.11-small 0install-cudf-0.5.0
- nixpkgs-25.11-darwin 0install-cudf-0.5.0

pkgs.ocamlPackages_latest.opam-client

Actions on the opam root, switches, installations, and front-end

nixos-unstable 2.5.0
- nixpkgs-unstable 2.5.0
- nixos-unstable-small 2.5.0

pkgs.ocamlPackages_latest.opam-format

Definition of opam datastructures and its file interface

nixos-unstable 2.5.0
- nixpkgs-unstable 2.5.0
- nixos-unstable-small 2.5.0

pkgs.ocamlPackages_latest.opam-solver

This library is based on the Cudf and Dose libraries, and handles calls to the external solver from opam

nixos-unstable 2.5.0
- nixpkgs-unstable 2.5.0
- nixos-unstable-small 2.5.0

pkgs.ocamlPackages_latest.opam-repository

OPAM repository and remote sources handling, including curl/wget, rsync, git, mercurial, darcs backends

nixos-unstable 2.5.0
- nixpkgs-unstable 2.5.0
- nixos-unstable-small 2.5.0

pkgs.ocamlPackages_latest.opam-file-format

Parser and printer for the opam file syntax

nixos-unstable 2.2.0
- nixpkgs-unstable 2.2.0
- nixos-unstable-small 2.2.0

pkgs.tree-sitter-grammars.tree-sitter-opam

Tree-sitter grammar for opam

nixos-unstable 0-unstable-2026-04-05
- nixpkgs-unstable 0-unstable-2026-04-05
- nixos-unstable-small 0-unstable-2026-04-05

pkgs.ocamlPackages_latest.opam-0install-cudf

Opam solver using 0install backend using the CUDF interface

nixos-unstable 0install-cudf-0.5.0
- nixpkgs-unstable 0install-cudf-0.5.0
- nixos-unstable-small 0install-cudf-0.5.0

pkgs.python313Packages.tree-sitter-grammars.tree-sitter-opam

Python bindings for tree-sitter-opam

nixos-unstable 0+unstable20260405
- nixpkgs-unstable 0+unstable20260405
- nixos-unstable-small 0+unstable20260405

pkgs.python314Packages.tree-sitter-grammars.tree-sitter-opam

Python bindings for tree-sitter-opam

nixos-unstable 0+unstable20260405
- nixpkgs-unstable 0+unstable20260405
- nixos-unstable-small 0+unstable20260405