Nixpkgs security tracker

Untriaged

Permalink CVE-2026-4369

7.1 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 2 hours ago

Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

References

Affected products

Fusion

<2702.1.47

Matching in nixpkgs

pkgs.datafusion-cli

CLI for Apache Arrow DataFusion

nixos-unstable 53.0.0
- nixpkgs-unstable 53.0.0
- nixos-unstable-small 53.0.0
nixos-25.11 50.3.0
- nixos-25.11-small 50.3.0
- nixpkgs-25.11-darwin 50.3.0

pkgs.lxgw-fusionkai

Simplified Chinese font derived from LXGW WenKai GB, iansui and Klee One

nixos-unstable 24.134
- nixpkgs-unstable 24.134
- nixos-unstable-small 24.134
nixos-25.11 24.134
- nixos-25.11-small 24.134
- nixpkgs-25.11-darwin 24.134

pkgs.fusionInventory

FusionInventory unified Agent for UNIX, Linux, Windows and MacOSX

nixos-unstable 2.6
- nixpkgs-unstable 2.6
- nixos-unstable-small 2.6
nixos-25.11 2.6
- nixos-25.11-small 2.6
- nixpkgs-25.11-darwin 2.6

pkgs.finalfusion-utils

Utility for converting, quantizing, and querying word embeddings

nixos-unstable 0.14.1
- nixpkgs-unstable 0.14.1
- nixos-unstable-small 0.14.1
nixos-25.11 0.14.1
- nixos-25.11-small 0.14.1
- nixpkgs-25.11-darwin 0.14.1

pkgs.stable-diffusion-cpp

Stable Diffusion inference in pure C/C++

nixos-unstable 558-8afbeb6
- nixpkgs-unstable 558-8afbeb6
- nixos-unstable-small 558-8afbeb6

pkgs.fusioninventory-agent

FusionInventory unified Agent for UNIX, Linux, Windows and MacOSX

nixos-unstable 2.6
- nixpkgs-unstable 2.6
- nixos-unstable-small 2.6
nixos-25.11 2.6
- nixos-25.11-small 2.6
- nixpkgs-25.11-darwin 2.6

pkgs.stable-diffusion-cpp-cuda

Stable Diffusion inference in pure C/C++

nixos-unstable 558-8afbeb6
- nixpkgs-unstable 558-8afbeb6
- nixos-unstable-small 558-8afbeb6

pkgs.stable-diffusion-cpp-rocm

Stable Diffusion inference in pure C/C++

nixos-unstable 558-8afbeb6
- nixpkgs-unstable 558-8afbeb6
- nixos-unstable-small 558-8afbeb6

pkgs.stable-diffusion-cpp-vulkan

Stable Diffusion inference in pure C/C++

nixos-unstable 558-8afbeb6
- nixpkgs-unstable 558-8afbeb6
- nixos-unstable-small 558-8afbeb6

pkgs.python312Packages.datafusion

Extensible query execution framework

nixos-25.11 50.0.0
- nixos-25.11-small 50.0.0
- nixpkgs-25.11-darwin 50.0.0

pkgs.python313Packages.datafusion

Extensible query execution framework

nixos-unstable 52.3.0
- nixpkgs-unstable 52.3.0
- nixos-unstable-small 52.3.0
nixos-25.11 50.0.0
- nixos-25.11-small 50.0.0
- nixpkgs-25.11-darwin 50.0.0

pkgs.python313Packages.vegafusion

Core tools for using VegaFusion from Python

nixos-unstable 2.0.3
- nixpkgs-unstable 2.0.3
- nixos-unstable-small 2.0.3

pkgs.python314Packages.datafusion

Extensible query execution framework

nixos-unstable 52.3.0
- nixpkgs-unstable 52.3.0
- nixos-unstable-small 52.3.0

pkgs.python314Packages.vegafusion

Core tools for using VegaFusion from Python

nixos-unstable 2.0.3
- nixpkgs-unstable 2.0.3
- nixos-unstable-small 2.0.3

pkgs.haskellPackages.fusion-plugin

GHC plugin to make stream fusion more predictable

nixos-unstable 0.2.7
- nixpkgs-unstable 0.2.7
- nixos-unstable-small 0.2.7
nixos-25.11 0.2.7
- nixos-25.11-small 0.2.7
- nixpkgs-25.11-darwin 0.2.7

pkgs.pkgsRocm.stable-diffusion-cpp

Stable Diffusion inference in pure C/C++

nixos-unstable 558-8afbeb6
- nixpkgs-unstable 558-8afbeb6
- nixos-unstable-small 558-8afbeb6

pkgs.python312Packages.finalfusion

Python module for using finalfusion, word2vec, and fastText word embeddings

nixos-25.11 0.7.1
- nixos-25.11-small 0.7.1
- nixpkgs-25.11-darwin 0.7.1

pkgs.python312Packages.k-diffusion

Karras et al. (2022) diffusion models for PyTorch

nixos-25.11 0.1.1.post1
- nixos-25.11-small 0.1.1.post1
- nixpkgs-25.11-darwin 0.1.1.post1

pkgs.python313Packages.finalfusion

Python module for using finalfusion, word2vec, and fastText word embeddings

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1
nixos-25.11 0.7.1
- nixos-25.11-small 0.7.1
- nixpkgs-25.11-darwin 0.7.1

pkgs.python313Packages.k-diffusion

Karras et al. (2022) diffusion models for PyTorch

nixos-unstable 0.1.1.post1
- nixpkgs-unstable 0.1.1.post1
- nixos-unstable-small 0.1.1.post1
nixos-25.11 0.1.1.post1
- nixos-25.11-small 0.1.1.post1
- nixpkgs-25.11-darwin 0.1.1.post1

pkgs.python314Packages.finalfusion

Python module for using finalfusion, word2vec, and fastText word embeddings

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1

pkgs.python314Packages.k-diffusion

Karras et al. (2022) diffusion models for PyTorch

nixos-unstable 0.1.1.post1
- nixpkgs-unstable 0.1.1.post1
- nixos-unstable-small 0.1.1.post1

pkgs.haskellPackages.gogol-datafusion

Google Cloud Data Fusion SDK

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.haskellPackages.gogol-fusiontables

Google Fusion Tables SDK

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.haskellPackages.fusion-plugin-types

Types for the fusion-plugin package

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.pkgsRocm.python3Packages.k-diffusion

Karras et al. (2022) diffusion models for PyTorch

nixos-unstable 0.1.1.post1
- nixpkgs-unstable 0.1.1.post1
- nixos-unstable-small 0.1.1.post1
nixos-25.11 0.1.1.post1
- nixos-25.11-small 0.1.1.post1
- nixpkgs-25.11-darwin 0.1.1.post1

pkgs.pkgsRocm.stable-diffusion-cpp-vulkan

Stable Diffusion inference in pure C/C++

nixos-unstable 558-8afbeb6
- nixpkgs-unstable 558-8afbeb6
- nixos-unstable-small 558-8afbeb6

pkgs.vimPlugins.nvim-treesitter-parsers.fusion

None

nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

@happysalada Raphael Megzari <raphael@megzari.com>
@phile314 Philipp Hausmann <nix@314.ch>
@hellodword hellodword
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@dit7ya Mostly Void <7rat13@gmail.com>
@adrlau Adrian Gunnar Lauterer <adrian@lauterer.it>
@cpcloud Phillip Cloud
@wariuccio Wariuccio

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.datafusion-cli

pkgs.lxgw-fusionkai

pkgs.fusionInventory

pkgs.finalfusion-utils

pkgs.stable-diffusion-cpp

pkgs.fusioninventory-agent

pkgs.stable-diffusion-cpp-cuda

pkgs.stable-diffusion-cpp-rocm

pkgs.stable-diffusion-cpp-vulkan

pkgs.python312Packages.datafusion

pkgs.python313Packages.datafusion

pkgs.python313Packages.vegafusion

pkgs.python314Packages.datafusion

pkgs.python314Packages.vegafusion

pkgs.haskellPackages.fusion-plugin

pkgs.pkgsRocm.stable-diffusion-cpp

pkgs.python312Packages.finalfusion

pkgs.python312Packages.k-diffusion

pkgs.python313Packages.finalfusion

pkgs.python313Packages.k-diffusion

pkgs.python314Packages.finalfusion

pkgs.python314Packages.k-diffusion

pkgs.haskellPackages.gogol-datafusion

pkgs.haskellPackages.gogol-fusiontables

pkgs.haskellPackages.fusion-plugin-types

pkgs.pkgsRocm.python3Packages.k-diffusion

pkgs.pkgsRocm.stable-diffusion-cpp-vulkan

pkgs.vimPlugins.nvim-treesitter-parsers.fusion

Package maintainers