Nixpkgs security tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-5061

4.7 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): High (H)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 1 week, 5 days ago by @LeSuisse Activity log

Created suggestion 1 week, 5 days ago
@LeSuisse dismissed (not in Nixpkgs) 1 week, 5 days ago

Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) is fixed in consul-template 0.42.0.

References

https://discuss.hashicorp.com/t/hcsec-2026-12-consul-template-vulnerable-to-san…

Affected products

Tooling

<0.42.0

Matching in nixpkgs

pkgs.xml-tooling-c

Low-level library that provides a high level interface to XML processing for OpenSAML 2

nixos-unstable 3.3.0
- nixpkgs-unstable 3.3.0
- nixos-unstable-small 3.3.0
nixos-25.11 3.3.0
- nixos-25.11-small 3.3.0
- nixpkgs-25.11-darwin 3.3.0

pkgs.vscode-extensions.elmtooling.elm-ls-vscode

Elm language server

nixos-unstable 2.8.0
- nixpkgs-unstable 2.8.0
- nixos-unstable-small 2.8.0
nixos-25.11 2.8.0
- nixos-25.11-small 2.8.0
- nixpkgs-25.11-darwin 2.8.0

Package maintainers

@mcwitt Matt Wittmann <mcwitt@gmail.com>
@Sigmanificient Yohann Boniface <sigmanificient@gmail.com>

Untriaged

Permalink CVE-2026-4660

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 1 month, 2 weeks ago Activity log

Created suggestion 1 month, 2 weeks ago

Go-getter may allow to arbitrary filesystem reads through git operations

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package.