Nixpkgs security tracker
Dismissed
(not in Nixpkgs)
Permalink
CVE-2026-8043
9.6 CRITICAL
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): None (N)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
External control of a file name in Ivanti Xtraction before …
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.
Affected products
Xtraction
- ==2026.2
Matching in nixpkgs
pkgs.coqPackages.TypedExtraction
A framework for extracting Rocq programs to Rust and Elm
pkgs.coqPackages.CakeMLExtraction
CakeML backend for Peregrine
pkgs.coqPackages.TypedExtraction-elm
A framework for extracting Rocq programs to Rust and Elm
pkgs.coqPackages.verified-extraction
Verified Extraction from Rocq to OCaml. Including a bootstrapped extraction plugin
pkgs.coqPackages.TypedExtraction-rust
A framework for extracting Rocq programs to Rust and Elm
pkgs.coqPackages.TypedExtraction-common
A framework for extracting Rocq programs to Rust and Elm
pkgs.coqPackages.TypedExtraction-plugin
A framework for extracting Rocq programs to Rust and Elm
Package maintainers
-
@4ever2 Eske Nielsen <eske@cs.au.dk>