Nixpkgs security tracker
NIXPKGS-2026-1251
GitHub issue
published on
Permalink
CVE-2026-33260
5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): LOW
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
ignored
7 packages
- rotp
- pdnsd
- dnsdist
- pdnsgrep
- pdns-recursor
- home-assistant-component-tests.namecheapdns
- tests.home-assistant-components.namecheapdns
- @LeSuisse accepted
-
@LeSuisse
restored
2 packages
- dnsdist
- pdns-recursor
- @LeSuisse published on GitHub
Insufficient input validation of internal webserver
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
References
Affected products
pdns
- <5.0.4
- <4.9.14
dnsdist
- <1.9.13
- <2.0.4
pdns-recursor
- <5.3.6
- <5.4.1
- <5.2.9
Ignored packages (5)
pkgs.rotp
Open-source modernization of the 1993 classic "Master of Orion", written in Java
pkgs.pdnsd
Permanent DNS caching
-
nixos-unstable 1.2.9a-par
- nixpkgs-unstable 1.2.9a-par
- nixos-unstable-small 1.2.9a-par
-
nixos-25.11 1.2.9a-par
- nixos-25.11-small 1.2.9a-par
- nixpkgs-25.11-darwin 1.2.9a-par
pkgs.pdnsgrep
Search tool for PowerDNS logs
pkgs.home-assistant-component-tests.namecheapdns
Open source home automation that puts local control and privacy first
pkgs.tests.home-assistant-components.namecheapdns
Open source home automation that puts local control and privacy first
Package maintainers
-
@Mic92 Jörg Thalheim <joerg@thalheim.io>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@jojosch Johannes Schleifenbaum <johannes@js-webcoding.de>
-
@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>