Critical Nix Security Vulnerability Allows Root Privilege Escalation Through Symlink Attacks

A critical security vulnerability has been discovered in the Nix package manager that allows any user with build submission privileges to achieve arbitrary file writes as root, potentially leading to complete system compromise. The vulnerability, tracked as CVE-2026-39860 and GHSA-g3g9-5vj6-r3gj, affects all Nix versions since 2.21 and specific patch releases prior to the fixed versions.

The Vulnerability: Symlink Following During FOD Output Registration

The core issue stems from improper handling of symbolic links during fixed-output derivation (FOD) output registration. When a user submits a build to the Nix daemon, the system processes the build outputs and registers them. However, a flaw in this registration process allows malicious users to exploit symlink following behavior to overwrite arbitrary files on the system as the daemon user.

Since the Nix daemon runs as root on NixOS and in multi-user installations, this vulnerability effectively grants any authorized user root-level file system access. The attack vector is particularly concerning because it affects the default configuration where "allowed-users" includes "everyone," meaning any user on the system can potentially exploit this vulnerability.

Scope and Impact Assessment

The vulnerability impacts a wide range of Nix installations:

• All Nix versions since 2.21 are affected
• Specific patch releases from 2.18.2 through 2.34.4 are vulnerable
• Sandboxed Linux configurations are affected
• Default NixOS configurations are impacted
• Systems building untrusted derivations face the highest risk

Notably, sandboxed macOS configurations are unaffected, and Lix users are not vulnerable to this specific issue. This distinction is important for users who have migrated to alternative package management solutions.

Technical Context and Root Cause

This vulnerability was introduced as part of fixes for CVE-2024-27297, highlighting the complex nature of security patching where new fixes can inadvertently introduce new vulnerabilities. The issue specifically relates to how the Nix daemon handles file descriptor passing between distinct sandboxes during the FOD output registration process.

The patches for versions 2.31 through 2.34 include additional mitigations designed to prevent cooperating fixed-output derivations from communicating and passing file descriptors between distinct sandboxes. However, these mitigations were insufficient to prevent the symlink-based attack vector that enables arbitrary file overwrites.

Fixed Versions and Mitigation Steps

Several Nix versions have been released with the necessary security patches:

• 2.34.5 (primary fix)
• 2.33.4
• 2.32.7
• 2.31.4
• 2.30.4
• 2.29.3
• 2.28.6

Users should immediately upgrade to one of these patched versions. The Nixpkgs repository is being updated with these fixed versions:

• Unstable channel: commits #507699 and #507730
• 25.11 release: commit #507681

Immediate Actions for System Administrators

System administrators should take the following steps to protect their systems:

1. Immediate Upgrade: Upgrade to a patched Nix version as soon as possible
2. Access Control Review: Review and restrict the "allowed-users" configuration to minimize the attack surface
3. Monitor for Suspicious Activity: Look for unusual build submissions or file system modifications
4. Consider Temporary Workarounds: If immediate upgrade is not possible, consider restricting build submission capabilities to trusted users only

Broader Security Implications

This vulnerability underscores several important security considerations for package management systems:

Principle of Least Privilege: The default configuration allowing all users to submit builds represents a significant security risk. System administrators should carefully evaluate whether this level of access is necessary for their use cases.

Complex Attack Surfaces: Package managers like Nix operate with elevated privileges and handle untrusted code from various sources. This creates a complex attack surface that requires careful security design and ongoing vulnerability assessment.

Security Patching Challenges: The fact that this vulnerability was introduced while fixing a previous issue (CVE-2024-27297) demonstrates the challenges of security patching. Fixes can have unintended consequences, and comprehensive testing is essential.

Supply Chain Security: Nix's ability to build and install software from various sources makes it a critical component in the software supply chain. Vulnerabilities in package managers can have cascading effects throughout the entire software ecosystem.

Community Response and Coordination

The Nix community has responded swiftly to this vulnerability. The disclosure process involved coordinated efforts between multiple stakeholders:

• @edef for discovering and responsibly disclosing the vulnerability
• @edolstra for coordinating fixes with Determinate Systems
• The infrastructure team for temporarily switching hydra.nixos.org builders to Lix during the embargo period

This coordinated response demonstrates the maturity of the Nix security ecosystem and the community's commitment to responsible disclosure practices.

Long-term Security Considerations

Moving forward, the Nix project and its users should consider several long-term security improvements:

1. Enhanced Sandbox Isolation: Strengthening the isolation between different build sandboxes to prevent cross-contamination and privilege escalation
2. Improved Input Validation: Implementing more rigorous validation of build outputs and file operations during the registration process
3. Runtime Security Monitoring: Adding runtime monitoring capabilities to detect and prevent suspicious file operations
4. Security-Aware Configuration Defaults: Reconsidering default configurations that may expose systems to unnecessary risk

Conclusion

The CVE-2026-39860 vulnerability represents a significant security challenge for the Nix ecosystem, affecting a wide range of installations and potentially enabling complete system compromise. However, the swift response from the community, the availability of patched versions, and the coordinated disclosure process demonstrate the resilience of the Nix security framework.

System administrators should prioritize upgrading to patched versions and reviewing their access control configurations. The incident also serves as a reminder of the critical security responsibilities that come with package management systems and the importance of maintaining robust security practices in software supply chains.

For users and administrators, this vulnerability reinforces the need for vigilance in package management security, regular system updates, and careful consideration of default configuration choices that may impact system security.