CVE-2026-44028
Stack Overflow in Nix Package Manager
Publication date: 2026-05-05
Last updated on: 2026-05-05
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nix | nix | 2.34.7 |
| nix | nix | 2.33.6 |
| nix | nix | 2.32.8 |
| nix | nix | 2.31.5 |
| nix | nix | 2.30.5 |
| nix | nix | 2.29.4 |
| nix | nix | 2.28.7 |
| lix | lix | 2.95.2 |
| lix | lix | 2.94.2 |
| lix | lix | 2.93.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-674 | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Nix before version 2.34.7 and Lix before version 2.95.2. It involves unbounded recursion in the NAR (Nix Archive) parser, which can cause a stack-to-heap overflow when the parser runs on a coroutine stack.
Because the stack is allocated without a guard page, the overflow can overwrite memory on the heap. This memory corruption could allow an attacker to execute arbitrary code as the Nix daemon, which runs with root privileges in multi-user installations.
The vulnerability can be exploited by any user able to connect to the daemon, which by default includes all users unless restricted by configuration.
How can this vulnerability impact me?
This vulnerability can lead to arbitrary code execution with root privileges on systems running vulnerable versions of Nix or Lix. An attacker who can connect to the Nix daemon could exploit this flaw to gain elevated access and potentially take full control of the affected system.
Because the Nix daemon runs as root in multi-user environments, exploitation could compromise system integrity and security, leading to unauthorized actions, data breaches, or disruption of services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Nix to one of the fixed versions: 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, or 2.29.4 (the issue was introduced in 2.24.4). For Lix, upgrade to 2.95.2, 2.94.2, or 2.93.4 (the issue was introduced in 2.93.0).
Additionally, review and restrict the allowed-users setting for the Nix daemon to limit which users can connect, reducing the attack surface.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not include any details on how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability affects Nix and Lix daemon implementations before certain fixed versions. Detection primarily involves verifying the installed versions of Nix or Lix on your system to determine if they are vulnerable.
You can check the installed version of Nix or Lix using the following commands:
- `nix --version`
- `lix --version`
If the version is older than the fixed versions (Nix versions before 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7; Lix versions before 2.95.2, 2.94.2, and 2.93.4), your system is vulnerable.
Since the vulnerability requires local access to the Nix or Lix daemon, you should also check which users are allowed to connect to the daemon by inspecting the daemon configuration, particularly the allowed-users and trusted-users settings.
There are no specific network or system scanning commands provided in the resources to detect exploitation attempts or the vulnerability directly.
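The version and daemon-configuration check described above, written out as an added shell example; this is not code from the advisory or from the Nix/Lix projects, and the `nix --version` banner formats and the `/etc/nix/nix.conf` path are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory or the Nix/Lix projects): classify an installed
# Nix or Lix version against the fixed releases listed above and show the daemon user
# settings in force. Fixes are per release branch, so only the X.Y branch fix is compared.
NIX_FIXED="2.34.7 2.33.6 2.32.8 2.31.5 2.30.5 2.29.4 2.28.7"
LIX_FIXED="2.95.2 2.94.2 2.93.4"
# cve_2026_44028_status FLAVOR VERSION  ->  vulnerable | fixed | unknown-branch
# VERSION must be X.Y.Z; pre-release suffixes are reported as unknown-branch, not guessed.
cve_2026_44028_status() {
    flavor=$1 version=$2
    case "$flavor" in
        nix) fixed_list=$NIX_FIXED ;; lix) fixed_list=$LIX_FIXED ;;
        *) echo unknown-branch; return ;;
    esac
    set -- $(printf '%s\n' "$version" | tr '.' ' ')
    [ $# -eq 3 ] || { echo unknown-branch; return; }
    for part in "$1" "$2" "$3"; do
        case "$part" in ''|*[!0-9]*) echo unknown-branch; return ;; esac
    done
    major=$1 minor=$2 patch=$3
    for fixed in $fixed_list; do
        set -- $(printf '%s\n' "$fixed" | tr '.' ' ')
        [ "$major" -eq "$1" ] && [ "$minor" -eq "$2" ] || continue
        [ "$patch" -lt "$3" ] && echo vulnerable || echo fixed
        return
    done
    echo unknown-branch   # branch not in the fixed list: check the advisory directly
}
# Parse the banner printed by `nix --version` into "FLAVOR VERSION". Banner shapes are
# assumptions: "nix (Nix) 2.31.4" for Nix and "nix (Lix, like Nix) 2.93.3" for Lix.
parse_version_banner() {
    case "$1" in
        *"(Lix"*) echo "lix ${1##* }" ;;
        *"(Nix)"*) echo "nix ${1##* }" ;;
        *) echo "unknown ${1##* }" ;;
    esac
}
check_banner() { cve_2026_44028_status $(parse_version_banner "$1"); }
# Print the allowed-users / trusted-users lines of a nix.conf; when allowed-users is
# absent the daemon default ("*", every local user may connect) is in force.
daemon_user_settings() {
    conf=${1:-/etc/nix/nix.conf}
    [ -r "$conf" ] || { echo "no readable nix.conf at $conf"; return; }
    grep -E '^[[:space:]]*(allowed|trusted)-users[[:space:]]*=' "$conf" \
        || echo "allowed-users not set in $conf (default: *)"
}
check_banner "nix (Nix) 2.31.4"            # constructed banner; prints vulnerable
check_banner "nix (Lix, like Nix) 2.94.2"  # constructed banner; prints fixed
daemon_user_settings
```

On a live host, replace the constructed banners with `check_banner "$(nix --version)"`; a branch outside the fixed list (for example 2.27.x) is reported as unknown-branch rather than silently treated as safe.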