Nixpkgs security tracker

Untriaged

Permalink CVE-2026-41645

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 2 weeks, 2 days ago Activity log

Created suggestion 2 weeks, 2 days ago

Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response data containing helper/function syntax gets reused by multi-step templates. If the -env-vars / -ev option is explicitly enabled, this can expose host environment variables. That option is off by default, so standard configurations are not affected by the information disclosure risk. This issue has been patched in version 3.8.0.

References

https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-jm34-66cf-qpvr x_refsource_CONFIRM
https://github.com/projectdiscovery/nuclei/pull/7221 x_refsource_MISC
https://github.com/projectdiscovery/nuclei/pull/7321 x_refsource_MISC
https://github.com/projectdiscovery/nuclei/commit/6c803c74d193f85f8a6d9803ce493fd302cad0eb x_refsource_MISC
https://github.com/projectdiscovery/nuclei/commit/d2217320162d5782ca7cb95bef9dda17063818f3 x_refsource_MISC
https://github.com/projectdiscovery/nuclei/releases/tag/v3.8.0 x_refsource_MISC

Affected products

nuclei

==>= 3.0.0, < 3.8.0

Matching in nixpkgs

pkgs.nuclei

Tool for configurable targeted scanning

nixos-unstable 3.8.0
- nixpkgs-unstable 3.8.0
- nixos-unstable-small 3.8.0
nixos-25.11 3.8.0
- nixos-25.11-small 3.8.0
- nixpkgs-25.11-darwin 3.8.0

pkgs.nucleiparser

Nuclei output parser for CLI

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1
nixos-25.11 0.2.1
- nixos-25.11-small 0.2.1
- nixpkgs-25.11-darwin 0.2.1

pkgs.nuclei-templates

Templates for the nuclei engine to find security vulnerabilities

nixos-unstable 10.4.2
- nixpkgs-unstable 10.4.3
- nixos-unstable-small 10.4.3
nixos-25.11 10.3.2
- nixos-25.11-small 10.3.2
- nixpkgs-25.11-darwin 10.3.2

Package maintainers

@Misaka13514 Rine Amakawa <Misaka13514@gmail.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2026-41646

5.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 2 weeks, 2 days ago Activity log

Created suggestion 2 weeks, 2 days ago

Nuclei: Local File Read via require() Module Loader Bypass

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require() function, bypassing the default local file access restriction. This issue has been patched in version 3.8.0.

References

https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-29rg-wmcw-hpf4 x_refsource_CONFIRM
https://github.com/projectdiscovery/nuclei/pull/7332 exploitx_refsource_MISC
https://github.com/projectdiscovery/nuclei/commit/6f2ade6a9b427c284c15a43445f9c7f055e60e5d x_refsource_MISC

Affected products

nuclei

==>= 3.0.0, < 3.8.0

Matching in nixpkgs

pkgs.nuclei

Tool for configurable targeted scanning

nixos-unstable 3.8.0
- nixpkgs-unstable 3.8.0
- nixos-unstable-small 3.8.0
nixos-25.11 3.8.0
- nixos-25.11-small 3.8.0
- nixpkgs-25.11-darwin 3.8.0

pkgs.nucleiparser

Nuclei output parser for CLI

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1
nixos-25.11 0.2.1
- nixos-25.11-small 0.2.1
- nixpkgs-25.11-darwin 0.2.1

pkgs.nuclei-templates

Templates for the nuclei engine to find security vulnerabilities

nixos-unstable 10.4.2
- nixpkgs-unstable 10.4.3
- nixos-unstable-small 10.4.3
nixos-25.11 10.3.2
- nixos-25.11-small 10.3.2
- nixpkgs-25.11-darwin 10.3.2

Package maintainers

@Misaka13514 Rine Amakawa <Misaka13514@gmail.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.nuclei

pkgs.nucleiparser

pkgs.nuclei-templates

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.nuclei

pkgs.nucleiparser

pkgs.nuclei-templates

Package maintainers