Nixpkgs security tracker

Untriaged

Permalink CVE-2026-6024

7.3 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 4 days ago

Tenda i6 HTTP R7WebsSecurityHandlerfunction path traversal

A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

References

VDB-356600 | Tenda i6 HTTP R7WebsSecurityHandlerfunction path traversal vdb-entrytechnical-description
VDB-356600 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #791826 | Tenda i6 V1.0.0.7(2204) Path Traversal third-party-advisory
https://github.com/Litengzheng/vuldb_new/blob/main/M3/vul_84/README.md exploit
https://www.tenda.com.cn/ product

Affected products

==1.0.0.7(2204)

Matching in nixpkgs

pkgs.tests.fetchpatch2.hunks

None

nixos-unstable i6w1nd25mdns
- nixpkgs-unstable i6w1nd25mdns
- nixos-unstable-small i6w1nd25mdns

pkgs.tests.fetchpatch2.decode

None

nixos-25.11 i6vx4j3n3dac
- nixos-25.11-small i6vx4j3n3dac
- nixpkgs-25.11-darwin i6vx4j3n3dac

pkgs.tests.fetchpatch2.simple

None

nixos-unstable 2fda4x41i607
- nixpkgs-unstable 2fda4x41i607
- nixos-unstable-small 2fda4x41i607

pkgs.tests.fetchzip.postFetch

None

nixos-unstable kbzs7f8irgi6
- nixpkgs-unstable kbzs7f8irgi6
- nixos-unstable-small kbzs7f8irgi6

pkgs.python312Packages.aiobafi6

Library for communication with the Big Ass Fans i6 firmware

nixos-25.11 aiobafi6-0.10.0
- nixos-25.11-small aiobafi6-0.10.0
- nixpkgs-25.11-darwin aiobafi6-0.10.0

pkgs.python313Packages.aiobafi6

Library for communication with the Big Ass Fans i6 firmware

nixos-unstable aiobafi6-0.10.1
- nixpkgs-unstable aiobafi6-0.10.1
- nixos-unstable-small aiobafi6-0.10.1
nixos-25.11 aiobafi6-0.10.0
- nixos-25.11-small aiobafi6-0.10.0
- nixpkgs-25.11-darwin aiobafi6-0.10.0

pkgs.python314Packages.aiobafi6

Library for communication with the Big Ass Fans i6 firmware

nixos-unstable aiobafi6-0.10.1
- nixpkgs-unstable aiobafi6-0.10.1
- nixos-unstable-small aiobafi6-0.10.1

pkgs.tests.fetchFromGitHub.leave-git

None

nixos-unstable i6x92w77k0dr
- nixpkgs-unstable i6x92w77k0dr
- nixos-unstable-small i6x92w77k0dr

pkgs.tests.fetchPypiLegacy.fetchSimple

None

nixos-25.11 0ldjg4xi6gdn
- nixos-25.11-small 0ldjg4xi6gdn
- nixpkgs-25.11-darwin 0ldjg4xi6gdn

pkgs.tests.prefer-remote-fetch.fetchzip

None

nixos-unstable gd4wxpxcwni6
- nixpkgs-unstable gd4wxpxcwni6
- nixos-unstable-small gd4wxpxcwni6

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.tests.fetchpatch2.hunks

pkgs.tests.fetchpatch2.decode

pkgs.tests.fetchpatch2.simple

pkgs.tests.fetchzip.postFetch

pkgs.python312Packages.aiobafi6

pkgs.python313Packages.aiobafi6

pkgs.python314Packages.aiobafi6

pkgs.tests.fetchFromGitHub.leave-git

pkgs.tests.fetchPypiLegacy.fetchSimple

pkgs.tests.prefer-remote-fetch.fetchzip

Package maintainers