Nixpkgs Security Tracker

Permalink CVE-2026-2641

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month ago

universal-ctags V Language v.c parseExprList recursion

A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-346397 | universal-ctags V Language v.c parseExprList recursion vdb-entry technical-description
VDB-346397 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #752768 | universal-ctags ctags master-branch Uncontrolled Recursion third-party-advisory
https://github.com/universal-ctags/ctags/issues/4369 issue-tracking
https://github.com/oneafter/0116/blob/main/poc.v exploit
https://github.com/universal-ctags/ctags/ product

Affected products

ctags

==6.2.1
==6.2.0

Matching in nixpkgs

pkgs.ctags

Tool for fast source code browsing (exuberant ctags)

nixos-unstable 816
- nixpkgs-unstable 816
- nixos-unstable-small 816
nixos-25.11 816
- nixos-25.11-small 816
- nixpkgs-25.11-darwin 816

pkgs.mdctags

tags for markdown file

nixos-unstable 2020-06-11
- nixpkgs-unstable 2020-06-11
- nixos-unstable-small 2020-06-11
nixos-25.11 2020-06-11
- nixos-25.11-small 2020-06-11
- nixpkgs-25.11-darwin 2020-06-11

pkgs.ctags-lsp

LSP implementation using universal-ctags as backend

nixos-unstable 0.10.2
- nixpkgs-unstable 0.10.2
- nixos-unstable-small 0.10.2
nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.ctagsWrapped

Tool for fast source code browsing (exuberant ctags)

nixos-unstable 816-wrapped
- nixpkgs-unstable 816-wrapped
- nixos-unstable-small 816-wrapped
nixos-25.11 816-wrapped
- nixos-25.11-small 816-wrapped
- nixpkgs-25.11-darwin 816-wrapped

pkgs.universal-ctags

Maintained ctags implementation

nixos-unstable 6.2.1
- nixpkgs-unstable 6.2.1
- nixos-unstable-small 6.2.1
nixos-25.11 6.2.1
- nixos-25.11-small 6.2.1
- nixpkgs-25.11-darwin 6.2.1

pkgs.python312Packages.python-ctags3

Ctags indexing python bindings

nixos-25.11 ctags3-1.6.0
- nixos-25.11-small ctags3-1.6.0
- nixpkgs-25.11-darwin ctags3-1.6.0

pkgs.python313Packages.python-ctags3

Ctags indexing python bindings

nixos-unstable ctags3-1.6.0
- nixpkgs-unstable ctags3-1.6.0
- nixos-unstable-small ctags3-1.6.0
nixos-25.11 ctags3-1.6.0
- nixos-25.11-small ctags3-1.6.0
- nixpkgs-25.11-darwin ctags3-1.6.0

pkgs.python314Packages.python-ctags3

Ctags indexing python bindings

nixos-unstable ctags3-1.6.0
- nixpkgs-unstable ctags3-1.6.0
- nixos-unstable-small ctags3-1.6.0

Package maintainers

@voronind-com Dmitry Voronin <hi@voronind.com>
@pacien euxane <r9uhdi.nixpkgs@euxane.eu>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.ctags

pkgs.mdctags

pkgs.ctags-lsp

pkgs.ctagsWrapped

pkgs.universal-ctags

pkgs.python312Packages.python-ctags3

pkgs.python313Packages.python-ctags3

pkgs.python314Packages.python-ctags3

Package maintainers