NIXPKGS-2026-1356

GitHub issue published on

Permalink CVE-2026-43505

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): LOW

updated 7 hours ago by @LeSuisse Activity log

Created suggestion 15 hours ago
@LeSuisse ignored
2 packages
- prosody-filer
- jitsi-meet-prosody
7 hours ago
@LeSuisse accepted 7 hours ago
@LeSuisse published on GitHub 7 hours ago

An issue was discovered in Prosody before 0.12.6 and 1.0.0 …

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur.

References

Affected products

Prosody

<0.12.6
<13.0.5

Matching in nixpkgs

pkgs.prosody

Open-source XMPP application server written in Lua

nixos-unstable 13.0.3
- nixpkgs-unstable 13.0.3
- nixos-unstable-small 13.0.3
nixos-25.11 13.0.3
- nixos-25.11-small 13.0.3
- nixpkgs-25.11-darwin 13.0.3

Ignored packages (2)

pkgs.prosody-filer

Simple file server for handling XMPP http_upload requests

nixos-unstable 2021-05-24
- nixpkgs-unstable 2021-05-24
- nixos-unstable-small 2021-05-24
nixos-25.11 2021-05-24
- nixos-25.11-small 2021-05-24
- nixpkgs-25.11-darwin 2021-05-24

pkgs.jitsi-meet-prosody

Prosody configuration for Jitsi Meet

nixos-unstable 1.0.8737
- nixpkgs-unstable 1.0.8737
- nixos-unstable-small 1.0.8737
nixos-25.11 1.0.8737
- nixos-25.11-small 1.0.8737
- nixpkgs-25.11-darwin 1.0.8737

Package maintainers

@astro Astro <astro@spaceboyz.net>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@gshipunov Grigory Shipunov <blame@oxapentane.com>
@toastal toastal <toastal+nix@posteo.net>
@tanneberger Tassilo Tanneberger <revol-xut@protonmail.com>
@mirror230469 mirror <mirror230469@disroot.org>

Nixpkgs security tracker