CVE-2026-44028
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44028
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite memory on the heap and could allow arbitrary code execution as the Nix daemon (run as root in multi-user installations) if ASLR hardening is bypassed. This can be exploited by all users able to connect to the daemon (e.g., in Nix, this is configurable via the allowed-users setting, defaulting to all users). The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 for Nix (introduced in 2.24.4); and 2.95.2, 2.94.2, and 2.93.4 for Lix (introduced in 2.93.0).
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
未经控制的递归
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nix和lix 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
lix是lix开源的一款软件包管理器。Nix是Nix开源的一个包管理器。 Nix 2.34.7之前版本和lix 2.95.2之前版本存在安全漏洞,该漏洞源于NAR解析器中无界递归可能导致栈到堆溢出,当解析器在协程栈上运行时,栈分配无保护页,栈溢出可能覆盖堆内存,若绕过ASLR强化,可能允许任意代码执行作为Nix守护进程。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| NixOS | Nix | 2.24.4 ~ 2.28.7 | - | |
| Lix Project | Lix | 2.93.0 ~ 2.93.4 | - |
II. Public POCs for CVE-2026-44028
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44028
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: NixOS
- CVE-2026-44029
Nix 安全漏洞 - CVE-2026-39860
Nix sandbox escape: file write via symlink at FOD `.tmp` cop - CVE-2026-25740
Privilege escalation to the `CAP_NET_RAW` capability via the - CVE-2026-25137
NixOs Odoo database and filestore publicly accessible with d - CVE-2026-23838
Tandoor Recipes module allows SQLite database to be external
Same weakness: CWE-674
- CVE-2026-41311
LiquidJS is vulnerable to Denial of Service via circular blo - CVE-2026-41673
xmldom: Denial of service via uncontrolled recursion in XML - CVE-2026-7164
pf can overflow the stack parsing crafted SCTP packets - CVE-2026-5409
Uncontrolled Recursion in Wireshark - CVE-2026-5408
Uncontrolled Recursion in Wireshark
V. Comments for CVE-2026-44028
No comments yet