Nixpkgs security tracker
NIXPKGS-2026-1253
GitHub issue
published on
Permalink
CVE-2026-33608
7.4 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
ignored
5 packages
- pdnsd
- pdnsgrep
- pdns-recursor
- home-assistant-component-tests.namecheapdns
- tests.home-assistant-components.namecheapdns
- @LeSuisse accepted
- @LeSuisse ignored reference https://d…
- @LeSuisse published on GitHub
Incomplete domain name sanitization during
An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.
References
Ignored references (1)
Affected products
pdns
- <5.0.4
- <4.9.14
Matching in nixpkgs
Ignored packages (5)
pkgs.pdnsd
Permanent DNS caching
-
nixos-unstable 1.2.9a-par
- nixpkgs-unstable 1.2.9a-par
- nixos-unstable-small 1.2.9a-par
-
nixos-25.11 1.2.9a-par
- nixos-25.11-small 1.2.9a-par
- nixpkgs-25.11-darwin 1.2.9a-par
pkgs.pdnsgrep
Search tool for PowerDNS logs
pkgs.pdns-recursor
Recursive DNS server
pkgs.home-assistant-component-tests.namecheapdns
Open source home automation that puts local control and privacy first
pkgs.tests.home-assistant-components.namecheapdns
Open source home automation that puts local control and privacy first
Package maintainers
-
@Mic92 Jörg Thalheim <joerg@thalheim.io>
-
@NickCao Nick Cao <nickcao@nichi.co>