Nixpkgs Security Tracker

Permalink CVE-2026-1301

updated 1 month, 2 weeks ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 2 weeks ago
@LeSuisse removed package open62541pp 1 month, 2 weeks ago
@LeSuisse dismissed 1 month, 2 weeks ago

Out-of-bounds Write in o6 Automation GmbH Open62541

In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-036-03 government-resource

Affected products

Open62541

<1.5-rc2

Matching in nixpkgs

pkgs.open62541

Open source implementation of OPC UA

nixos-unstable 1.4.14
- nixpkgs-unstable 1.4.14
- nixos-unstable-small 1.4.14
nixos-25.11 1.4.14
- nixos-25.11-small 1.4.14
- nixpkgs-25.11-darwin 1.4.14

Package maintainers

@panicgh Nicolas Benes <nbenes.gh@xandea.de>

Only impacts >=1.5-rc1|<1.5-rc2, nixpkgs is at 1.4.14

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.open62541

Package maintainers