Nixpkgs security tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-6991

6.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Not Defined (X)
Report Confidence (RC): Reasonable (R)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

updated 4 weeks, 1 day ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse dismissed (not in Nixpkgs) 4 weeks, 1 day ago

colinhacks Zod CUID Data Type regexes.ts sql injection

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

References

VDB-359543 | colinhacks Zod CUID Data Type regexes.ts sql injection vdb-entry
VDB-359543 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #796749 | colinhacks Zod <=4.3.6 Improper Input Validation third-party-advisory

Affected products

Zod

==4.3.3
==4.3.6
==4.3.1
==4.3.0
==4.3.5
==4.3.2
==4.3.4

Matching in nixpkgs

pkgs.zod

Multiplayer remake of ZED

nixos-unstable 2011-09-06
- nixpkgs-unstable 2011-09-06
- nixos-unstable-small 2011-09-06
nixos-25.11 2011-09-06
- nixos-25.11-small 2011-09-06
- nixpkgs-25.11-darwin 2011-09-06