Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-9039
8.6 HIGH
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Physical (P)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): High (H)
- Vulnerable System Impact Integrity (VI): High (H)
- Vulnerable System Impact Availability (VA): High (H)
- Subsequent System Impact Confidentiality (SC): High (H)
- Subsequent System Impact Integrity (SI): High (H)
- Subsequent System Impact Availability (SA): High (H)
- Modified Attack Vector (MAV): Physical (P)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): High (H)
- Modified Vulnerable System Impact Integrity (MVI): High (H)
- Modified Vulnerable System Impact Availability (MVA): High (H)
- Modified Subsequent System Impact Confidentiality (MSC): High (H)
- Modified Subsequent System Impact Integrity (MSI): High (H)
- Modified Subsequent System Impact Availability (MSA): High (H)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
Initialization of a resource with an insecure default in XCharge C6
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default administrative credential. A malicious device physically connected to the charging interface could leverage this misconfiguration to obtain full administrative access.
References
-
https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-08 government-resource
Affected products
C6
- <May_22_2026
Matching in nixpkgs
pkgs.cc65
C compiler for processors of 6502 family
pkgs.sc68
Atari ST and Amiga music player
-
nixos-unstable 2.2.1-unstable-2024-09-09
- nixpkgs-unstable 2.2.1-unstable-2024-09-09
- nixos-unstable-small 2.2.1-unstable-2024-09-09
-
nixos-25.11 2022-11-24
- nixos-25.11-small 2022-11-24
- nixpkgs-25.11-darwin 2022-11-24
pkgs.ndisc6
Small collection of useful tools for IPv6 networking
pkgs.libiec61850
Open-source library for the IEC 61850 protocols
pkgs.libiec61883
None
pkgs.c64-debugger
Commodore 64, Atari XL/XE and NES code and memory debugger that works in real time
pkgs.crc64fast-nvme
SIMD accelerated carryless-multiplication CRC-64/NVME checksum computation (based on Intel's PCLMULQDQ paper)
pkgs.replay-node-cli
Time Travel Debugger for Web Development - Node Command Line
-
nixos-unstable 0.1.7-20220726-bac6d66b5ca1-5b966f2f136c
- nixpkgs-unstable 0.1.7-20220726-bac6d66b5ca1-5b966f2f136c
- nixos-unstable-small 0.1.7-20220726-bac6d66b5ca1-5b966f2f136c
-
nixos-25.11 0.1.7-20220726-bac6d66b5ca1-5b966f2f136c
- nixos-25.11-small 0.1.7-20220726-bac6d66b5ca1-5b966f2f136c
- nixpkgs-25.11-darwin 0.1.7-20220726-bac6d66b5ca1-5b966f2f136c
pkgs.vimpager-latest
Use Vim as PAGER
-
nixos-unstable a4da4dfac44d1bbc6986c5c76fea45a60ebdd8e5
- nixpkgs-unstable a4da4dfac44d1bbc6986c5c76fea45a60ebdd8e5
- nixos-unstable-small a4da4dfac44d1bbc6986c5c76fea45a60ebdd8e5
-
nixos-25.11 a4da4dfac44d1bbc6986c5c76fea45a60ebdd8e5
- nixos-25.11-small a4da4dfac44d1bbc6986c5c76fea45a60ebdd8e5
- nixpkgs-25.11-darwin a4da4dfac44d1bbc6986c5c76fea45a60ebdd8e5
pkgs.akkuPackages.oleg
Libraries written by Oleg ported to Chez Scheme
-
nixos-unstable 0.0.0-akku.2.c682687
- nixpkgs-unstable 0.0.0-akku.2.c682687
- nixos-unstable-small 0.0.0-akku.2.c682687
-
nixos-25.11 0.0.0-akku.2.c682687
- nixos-25.11-small 0.0.0-akku.2.c682687
- nixpkgs-25.11-darwin 0.0.0-akku.2.c682687
pkgs.ibus-engines.bamboo
Vietnamese IME for IBus
pkgs.sbclPackages.iterate
None
-
nixos-25.11 b0f9a9c6-git
- nixos-25.11-small b0f9a9c6-git
- nixpkgs-25.11-darwin b0f9a9c6-git
pkgs.coreboot-toolchain.ppc64
Coreboot toolchain for ppc64 targets
-
nixos-unstable ppc64-25.12
- nixpkgs-unstable ppc64-26.03
- nixos-unstable-small ppc64-26.03
-
nixos-25.11 ppc64-25.03
- nixos-25.11-small ppc64-25.03
- nixpkgs-25.11-darwin ppc64-25.03
pkgs.akkuPackages.chez-sockets
Full Blown, portable, and extensible sockets library for Chez Scheme
-
nixos-unstable 0.0.0-akku.13.c3fc663.1
- nixpkgs-unstable 0.0.0-akku.13.c3fc663.1
- nixos-unstable-small 0.0.0-akku.13.c3fc663.1
-
nixos-25.11 0.0.0-akku.13.c3fc663.1
- nixos-25.11-small 0.0.0-akku.13.c3fc663.1
- nixpkgs-25.11-darwin 0.0.0-akku.13.c3fc663.1
pkgs.python312Packages.rfc6555
Python implementation of the Happy Eyeballs Algorithm
-
nixos-25.11 rfc6555-0.1.0
- nixos-25.11-small rfc6555-0.1.0
- nixpkgs-25.11-darwin rfc6555-0.1.0
pkgs.python313Packages.rfc6555
Python implementation of the Happy Eyeballs Algorithm
-
nixos-unstable rfc6555-0.1.0
- nixpkgs-unstable rfc6555-0.1.0
- nixos-unstable-small rfc6555-0.1.0
-
nixos-25.11 rfc6555-0.1.0
- nixos-25.11-small rfc6555-0.1.0
- nixpkgs-25.11-darwin rfc6555-0.1.0
pkgs.python314Packages.rfc6555
Python implementation of the Happy Eyeballs Algorithm
-
nixos-unstable rfc6555-0.1.0
- nixpkgs-unstable rfc6555-0.1.0
- nixos-unstable-small rfc6555-0.1.0
pkgs.dhallPackages.dhall-kubernetes
None
-
nixos-unstable 3.0.0-3c6d09a9409977cdde58a091d76a6d20509ca4b0
- nixpkgs-unstable 3.0.0-3c6d09a9409977cdde58a091d76a6d20509ca4b0
- nixos-unstable-small 3.0.0-3c6d09a9409977cdde58a091d76a6d20509ca4b0
-
nixos-25.11 3.0.0-3c6d09a9409977cdde58a091d76a6d20509ca4b0
- nixos-25.11-small 3.0.0-3c6d09a9409977cdde58a091d76a6d20509ca4b0
- nixpkgs-25.11-darwin 3.0.0-3c6d09a9409977cdde58a091d76a6d20509ca4b0
pkgs.python312Packages.steamworkspy
Python API system for Valve's Steamworks
-
nixos-25.11 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixos-25.11-small 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixpkgs-25.11-darwin 26780de81b8c14d48fe8d757c642086f2af2a66b
pkgs.python313Packages.steamworkspy
Python API system for Valve's Steamworks
-
nixos-unstable 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixpkgs-unstable 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixos-unstable-small 26780de81b8c14d48fe8d757c642086f2af2a66b
-
nixos-25.11 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixos-25.11-small 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixpkgs-25.11-darwin 26780de81b8c14d48fe8d757c642086f2af2a66b
pkgs.python314Packages.steamworkspy
Python API system for Valve's Steamworks
-
nixos-unstable 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixpkgs-unstable 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixos-unstable-small 26780de81b8c14d48fe8d757c642086f2af2a66b
pkgs.vimPlugins.nvim-treesitter-parsers.pod
Tree-sitter grammar for pod
-
nixos-unstable 0.0.0+rev=57c606a
- nixpkgs-unstable 0.0.0+rev=57c606a
- nixos-unstable-small 0.0.0+rev=57c606a
pkgs.vimPlugins.nvim-treesitter-parsers.vhs
Tree-sitter grammar for vhs
-
nixos-unstable 0.0.0+rev=0c6fae9
- nixpkgs-unstable 0.0.0+rev=0c6fae9
- nixos-unstable-small 0.0.0+rev=0c6fae9
pkgs.vimPlugins.nvim-treesitter-parsers.rasi
Tree-sitter grammar for rasi
-
nixos-unstable 0.0.0+rev=e735c68
- nixpkgs-unstable 0.0.0+rev=e735c68
- nixos-unstable-small 0.0.0+rev=e735c68
pkgs.vimPlugins.nvim-treesitter-parsers.scss
Tree-sitter grammar for scss
-
nixos-unstable 0.0.0+rev=c478c68
- nixpkgs-unstable 0.0.0+rev=c478c68
- nixos-unstable-small 0.0.0+rev=c478c68
pkgs.vimPlugins.nvim-treesitter-parsers.yuck
Tree-sitter grammar for yuck
-
nixos-unstable 0.0.0+rev=6c60112
- nixpkgs-unstable 0.0.0+rev=6c60112
- nixos-unstable-small 0.0.0+rev=6c60112
pkgs.vimPlugins.nvim-treesitter-parsers.templ
Tree-sitter grammar for templ
-
nixos-unstable 0.0.0+rev=1c6db04
- nixpkgs-unstable 0.0.0+rev=1c6db04
- nixos-unstable-small 0.0.0+rev=1c6db04
pkgs.vimPlugins.nvim-treesitter-parsers.scheme
Tree-sitter grammar for scheme
-
nixos-unstable 0.0.0+rev=c6cb7c7
- nixpkgs-unstable 0.0.0+rev=c6cb7c7
- nixos-unstable-small 0.0.0+rev=c6cb7c7
pkgs.androidenv.androidPkgs.all.packages.build-tools.v30_0_3
Android SDK tools, packaged in Nixpkgs
-
nixos-unstable tools_r30.0.3-macosx.zip
- nixpkgs-unstable tools_r30.0.3-macosx.zip
- nixos-unstable-small tools_r30.0.3-macosx.zip
-
nixos-25.11 tools_r30.0.3-macosx.zip
- nixos-25.11-small tools_r30.0.3-macosx.zip
- nixpkgs-25.11-darwin tools_r30.0.3-macosx.zip
pkgs.androidenv.androidPkgs.all.packages.build-tools.v32_0_0
Android SDK tools, packaged in Nixpkgs
-
nixos-unstable tools_r32-macosx.zip
- nixpkgs-unstable tools_r32-macosx.zip
- nixos-unstable-small tools_r32-macosx.zip
-
nixos-25.11 tools_r32-macosx.zip
- nixos-25.11-small tools_r32-macosx.zip
- nixpkgs-25.11-darwin tools_r32-macosx.zip
Package maintainers
-
@hadilq Hadi Lashkari Ghouchani <hadilq.dev@gmail.com>
-
@RossComputerGuy Tristan Ross <tristan.ross@midstall.com>
-
@adrian-gierakowski Adrian Gierakowski <adrian.gierakowski@gmail.com>
-
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
-
@numinit Morgan Jones <me+nixpkgs@numin.it>
-
@Detegr Antti Keränen <detegr@rbx.email>
-
@jmbaur Jared Baur <jaredbaur@fastmail.com>
-
@felixsinger Felix Singer <felixsinger@posteo.net>
-
@powwu powwu <hello@powwu.sh>
-
@stv0g Steffen Vogel <post@steffenvogel.de>
-
@PJungkamp Philipp Jungkamp <philipp@jungkamp.dev>
-
@weirdrock weirdrock <weirdrock@riseup.net>
-
@phryneas Lenz Weber <mail@lenzw.de>
-
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
-
@nagy Daniel Nagy <danielnagy@posteo.de>
-
@lukego Luke Gorrie <luke@snabb.co>
-
@Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@hraban Hraban Luyat <hraban@0brg.net>