Nixpkgs security tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-42869

10.0 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 1 week, 1 day ago by @LeSuisse Activity log

Created suggestion 1 week, 1 day ago
@LeSuisse dismissed (not in Nixpkgs) 1 week, 1 day ago

SOCFortress CoPilot: Hardcoded JWT secret allows unauthenticated full admin compromise and lateral movement into all integrated SOC tools

SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWT_SECRET is not explicitly set — including the default Docker Compose setup — signs all authentication tokens with this publicly known value. An unauthenticated attacker can forge arbitrary admin-scoped JWTs and gain full control of the application and every security tool it manages without any credentials. This vulnerability is fixed in 0.1.57.

References

https://github.com/socfortress/CoPilot/security/advisories/GHSA-4gxj-hw3c-3x2x x_refsource_CONFIRM
https://github.com/socfortress/CoPilot/pull/814 x_refsource_MISC
https://github.com/socfortress/CoPilot/commit/4640511a0cf2e7b144a71375b5b349a8318cb186 x_refsource_MISC

Affected products

CoPilot

==< 0.1.57

Matching in nixpkgs

pkgs.gh-copilot

Ask for assistance right in your terminal

nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

pkgs.copilot-cli

Build, Release and Operate Containerized Applications on AWS

nixos-unstable 1.34.1
- nixpkgs-unstable 1.34.1
- nixos-unstable-small 1.34.1
nixos-25.11 1.34.1
- nixos-25.11-small 1.34.1
- nixpkgs-25.11-darwin 1.34.1

pkgs.github-copilot-cli

GitHub Copilot CLI brings the power of Copilot coding agent directly to your terminal

nixos-unstable 1.0.40
- nixpkgs-unstable 1.0.40
- nixos-unstable-small 1.0.40
nixos-25.11 0.0.362
- nixos-25.11-small 0.0.362
- nixpkgs-25.11-darwin 0.0.362

pkgs.copilot-node-server

Copilot Node.js server

nixos-unstable 1.41.0
- nixpkgs-unstable 1.41.0
- nixos-unstable-small 1.41.0
nixos-25.11 1.41.0
- nixos-25.11-small 1.41.0
- nixpkgs-25.11-darwin 1.41.0

pkgs.copilot-language-server

Use GitHub Copilot with any editor or IDE via the Language Server Protocol

nixos-unstable 1.477.0
- nixpkgs-unstable 1.480.0
- nixos-unstable-small 1.480.0
nixos-25.11 1.397.0
- nixos-25.11-small 1.397.0
- nixpkgs-25.11-darwin 1.397.0

pkgs.haskellPackages.copilot

A stream DSL for writing embedded C programs

nixos-unstable 4.5.1
- nixpkgs-unstable 4.5.1
- nixos-unstable-small 4.5.1
nixos-25.11 4.5.1
- nixos-25.11-small 4.5.1
- nixpkgs-25.11-darwin 4.5.1

pkgs.copilot-language-server-fhs

Use GitHub Copilot with any editor or IDE via the Language Server Protocol

nixos-unstable 1.477.0
- nixpkgs-unstable 1.480.0
- nixos-unstable-small 1.480.0
nixos-25.11 1.397.0
- nixos-25.11-small 1.397.0
- nixpkgs-25.11-darwin 1.397.0

pkgs.haskellPackages.copilot-c99

A compiler for Copilot targeting C99

nixos-unstable c99-4.5.1
- nixpkgs-unstable c99-4.5.1
- nixos-unstable-small c99-4.5.1
nixos-25.11 c99-4.5.1
- nixos-25.11-small c99-4.5.1
- nixpkgs-25.11-darwin c99-4.5.1

pkgs.haskellPackages.copilot-core

An intermediate representation for Copilot

nixos-unstable 4.5.1
- nixpkgs-unstable 4.5.1
- nixos-unstable-small 4.5.1
nixos-25.11 4.5.1
- nixos-25.11-small 4.5.1
- nixpkgs-25.11-darwin 4.5.1

pkgs.github-copilot-intellij-agent

GitHub copilot IntelliJ plugin's native component

nixos-unstable 1.4.5.4049
- nixpkgs-unstable 1.4.5.4049
- nixos-unstable-small 1.4.5.4049
nixos-25.11 1.4.5.4049
- nixos-25.11-small 1.4.5.4049
- nixpkgs-25.11-darwin 1.4.5.4049

pkgs.haskellPackages.copilot-theorem

k-induction for Copilot

nixos-unstable 4.5.1
- nixpkgs-unstable 4.5.1
- nixos-unstable-small 4.5.1
nixos-25.11 4.5.1
- nixos-25.11-small 4.5.1
- nixpkgs-25.11-darwin 4.5.1

pkgs.haskellPackages.copilot-language

A Haskell-embedded DSL for monitoring hard real-time distributed systems

nixos-unstable 4.5.1
- nixpkgs-unstable 4.5.1
- nixos-unstable-small 4.5.1
nixos-25.11 4.5.1
- nixos-25.11-small 4.5.1
- nixpkgs-25.11-darwin 4.5.1

pkgs.vscode-extensions.github.copilot

GitHub Copilot uses OpenAI Codex to suggest code and entire functions in real-time right from your editor

nixos-unstable 1.388.0
- nixpkgs-unstable 1.388.0
- nixos-unstable-small 1.388.0
nixos-25.11 1.388.0
- nixos-25.11-small 1.388.0
- nixpkgs-25.11-darwin 1.388.0

pkgs.haskellPackages.copilot-libraries

Libraries for the Copilot language

nixos-unstable 4.5.1
- nixpkgs-unstable 4.5.1
- nixos-unstable-small 4.5.1
nixos-25.11 4.5.1
- nixos-25.11-small 4.5.1
- nixpkgs-25.11-darwin 4.5.1

pkgs.fishPlugins.github-copilot-cli-fish

GitHub Copilot CLI aliases for Fish Shell

nixos-unstable 0.1.33.1
- nixpkgs-unstable 0.1.33.1
- nixos-unstable-small 0.1.33.1
nixos-25.11 0.1.33.1
- nixos-25.11-small 0.1.33.1
- nixpkgs-25.11-darwin 0.1.33.1