Nixpkgs security tracker

Permalink CVE-2025-51846

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 5 hours ago by @LeSuisse Activity log

Created suggestion 15 hours ago
@LeSuisse ignored
2 references
- url
- url
5 hours ago
@LeSuisse accepted 5 hours ago
@LeSuisse published on GitHub 5 hours ago

CryptPad unbounded WebSocket frame flood

CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.

References

Ignored references (2)

Affected products

CryptPad

<2026.2.2
==2026.2.2

Matching in nixpkgs

pkgs.cryptpad

Collaborative office suite, end-to-end encrypted and open-source

nixos-unstable 2025.9.0
- nixpkgs-unstable 2025.9.0
- nixos-unstable-small 2025.9.0
nixos-25.11 2025.9.0
- nixos-25.11-small 2025.9.0
- nixpkgs-25.11-darwin 2025.9.0

Package maintainers

@martinetd Dominique Martinet <f.ktfhrvnznqxacf@noclue.notk.org>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.cryptpad

Package maintainers