Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-5962

7.3 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 5 days, 13 hours ago

Tenda CH22 httpd R7WebsSecurityHandlerfunction path traversal

A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used.

References

VDB-356515 | Tenda CH22 httpd R7WebsSecurityHandlerfunction path traversal vdb-entrytechnical-description
VDB-356515 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #791277 | Tenda CH22 V1.0.0.6(468) Path Traversal third-party-advisory
https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_55/README.md exploit
https://www.tenda.com.cn/ product

Affected products

CH22

==1.0.0.6(468)

Matching in nixpkgs

pkgs.python312Packages.pycatch22

Python implementation of catch22

nixos-25.11 pycatch22-0.4.5
- nixos-25.11-small pycatch22-0.4.5
- nixpkgs-25.11-darwin pycatch22-0.4.5

pkgs.python313Packages.pycatch22

Python implementation of catch22

nixos-unstable pycatch22-0.4.5
- nixpkgs-unstable pycatch22-0.4.5
- nixos-unstable-small pycatch22-0.4.5
nixos-25.11 pycatch22-0.4.5
- nixos-25.11-small pycatch22-0.4.5
- nixpkgs-25.11-darwin pycatch22-0.4.5

pkgs.python314Packages.pycatch22

Python implementation of catch22

nixos-unstable pycatch22-0.4.5
- nixpkgs-unstable pycatch22-0.4.5
- nixos-unstable-small pycatch22-0.4.5

Package maintainers

@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>