Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-9038
8.6 HIGH
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Physical (P)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): High (H)
- Vulnerable System Impact Integrity (VI): High (H)
- Vulnerable System Impact Availability (VA): High (H)
- Subsequent System Impact Confidentiality (SC): High (H)
- Subsequent System Impact Integrity (SI): High (H)
- Subsequent System Impact Availability (SA): High (H)
- Modified Attack Vector (MAV): Physical (P)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): High (H)
- Modified Vulnerable System Impact Integrity (MVI): High (H)
- Modified Vulnerable System Impact Availability (MVA): High (H)
- Modified Subsequent System Impact Confidentiality (MSC): High (H)
- Modified Subsequent System Impact Integrity (MSI): High (H)
- Modified Subsequent System Impact Availability (MSA): High (H)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
Stack-based buffer overflow in XCharge C6
A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur, which can lead to execution of unauthorized code with elevated privileges.
References
-
https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-08 government-resource
Affected products
C6
- <May_22_2026
Matching in nixpkgs
pkgs.cc65
C compiler for processors of 6502 family
pkgs.sc68
Atari ST and Amiga music player
-
nixos-unstable 2.2.1-unstable-2024-09-09
- nixpkgs-unstable 2.2.1-unstable-2024-09-09
- nixos-unstable-small 2.2.1-unstable-2024-09-09
-
nixos-25.11 2022-11-24
- nixos-25.11-small 2022-11-24
- nixpkgs-25.11-darwin 2022-11-24
pkgs.ndisc6
Small collection of useful tools for IPv6 networking
pkgs.libiec61850
Open-source library for the IEC 61850 protocols
pkgs.libiec61883
None
pkgs.c64-debugger
Commodore 64, Atari XL/XE and NES code and memory debugger that works in real time
pkgs.crc64fast-nvme
SIMD accelerated carryless-multiplication CRC-64/NVME checksum computation (based on Intel's PCLMULQDQ paper)
pkgs.replay-node-cli
Time Travel Debugger for Web Development - Node Command Line
-
nixos-unstable 0.1.7-20220726-bac6d66b5ca1-5b966f2f136c
- nixpkgs-unstable 0.1.7-20220726-bac6d66b5ca1-5b966f2f136c
- nixos-unstable-small 0.1.7-20220726-bac6d66b5ca1-5b966f2f136c
-
nixos-25.11 0.1.7-20220726-bac6d66b5ca1-5b966f2f136c
- nixos-25.11-small 0.1.7-20220726-bac6d66b5ca1-5b966f2f136c
- nixpkgs-25.11-darwin 0.1.7-20220726-bac6d66b5ca1-5b966f2f136c
pkgs.vimpager-latest
Use Vim as PAGER
-
nixos-unstable a4da4dfac44d1bbc6986c5c76fea45a60ebdd8e5
- nixpkgs-unstable a4da4dfac44d1bbc6986c5c76fea45a60ebdd8e5
- nixos-unstable-small a4da4dfac44d1bbc6986c5c76fea45a60ebdd8e5
-
nixos-25.11 a4da4dfac44d1bbc6986c5c76fea45a60ebdd8e5
- nixos-25.11-small a4da4dfac44d1bbc6986c5c76fea45a60ebdd8e5
- nixpkgs-25.11-darwin a4da4dfac44d1bbc6986c5c76fea45a60ebdd8e5
pkgs.akkuPackages.oleg
Libraries written by Oleg ported to Chez Scheme
-
nixos-unstable 0.0.0-akku.2.c682687
- nixpkgs-unstable 0.0.0-akku.2.c682687
- nixos-unstable-small 0.0.0-akku.2.c682687
-
nixos-25.11 0.0.0-akku.2.c682687
- nixos-25.11-small 0.0.0-akku.2.c682687
- nixpkgs-25.11-darwin 0.0.0-akku.2.c682687
pkgs.ibus-engines.bamboo
Vietnamese IME for IBus
pkgs.sbclPackages.iterate
None
-
nixos-25.11 b0f9a9c6-git
- nixos-25.11-small b0f9a9c6-git
- nixpkgs-25.11-darwin b0f9a9c6-git
pkgs.coreboot-toolchain.ppc64
Coreboot toolchain for ppc64 targets
-
nixos-unstable ppc64-25.12
- nixpkgs-unstable ppc64-26.03
- nixos-unstable-small ppc64-26.03
-
nixos-25.11 ppc64-25.03
- nixos-25.11-small ppc64-25.03
- nixpkgs-25.11-darwin ppc64-25.03
pkgs.akkuPackages.chez-sockets
Full Blown, portable, and extensible sockets library for Chez Scheme
-
nixos-unstable 0.0.0-akku.13.c3fc663.1
- nixpkgs-unstable 0.0.0-akku.13.c3fc663.1
- nixos-unstable-small 0.0.0-akku.13.c3fc663.1
-
nixos-25.11 0.0.0-akku.13.c3fc663.1
- nixos-25.11-small 0.0.0-akku.13.c3fc663.1
- nixpkgs-25.11-darwin 0.0.0-akku.13.c3fc663.1
pkgs.python312Packages.rfc6555
Python implementation of the Happy Eyeballs Algorithm
-
nixos-25.11 rfc6555-0.1.0
- nixos-25.11-small rfc6555-0.1.0
- nixpkgs-25.11-darwin rfc6555-0.1.0
pkgs.python313Packages.rfc6555
Python implementation of the Happy Eyeballs Algorithm
-
nixos-unstable rfc6555-0.1.0
- nixpkgs-unstable rfc6555-0.1.0
- nixos-unstable-small rfc6555-0.1.0
-
nixos-25.11 rfc6555-0.1.0
- nixos-25.11-small rfc6555-0.1.0
- nixpkgs-25.11-darwin rfc6555-0.1.0
pkgs.python314Packages.rfc6555
Python implementation of the Happy Eyeballs Algorithm
-
nixos-unstable rfc6555-0.1.0
- nixpkgs-unstable rfc6555-0.1.0
- nixos-unstable-small rfc6555-0.1.0
pkgs.dhallPackages.dhall-kubernetes
None
-
nixos-unstable 3.0.0-3c6d09a9409977cdde58a091d76a6d20509ca4b0
- nixpkgs-unstable 3.0.0-3c6d09a9409977cdde58a091d76a6d20509ca4b0
- nixos-unstable-small 3.0.0-3c6d09a9409977cdde58a091d76a6d20509ca4b0
-
nixos-25.11 3.0.0-3c6d09a9409977cdde58a091d76a6d20509ca4b0
- nixos-25.11-small 3.0.0-3c6d09a9409977cdde58a091d76a6d20509ca4b0
- nixpkgs-25.11-darwin 3.0.0-3c6d09a9409977cdde58a091d76a6d20509ca4b0
pkgs.python312Packages.steamworkspy
Python API system for Valve's Steamworks
-
nixos-25.11 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixos-25.11-small 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixpkgs-25.11-darwin 26780de81b8c14d48fe8d757c642086f2af2a66b
pkgs.python313Packages.steamworkspy
Python API system for Valve's Steamworks
-
nixos-unstable 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixpkgs-unstable 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixos-unstable-small 26780de81b8c14d48fe8d757c642086f2af2a66b
-
nixos-25.11 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixos-25.11-small 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixpkgs-25.11-darwin 26780de81b8c14d48fe8d757c642086f2af2a66b
pkgs.python314Packages.steamworkspy
Python API system for Valve's Steamworks
-
nixos-unstable 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixpkgs-unstable 26780de81b8c14d48fe8d757c642086f2af2a66b
- nixos-unstable-small 26780de81b8c14d48fe8d757c642086f2af2a66b
pkgs.vimPlugins.nvim-treesitter-parsers.pod
Tree-sitter grammar for pod
-
nixos-unstable 0.0.0+rev=57c606a
- nixpkgs-unstable 0.0.0+rev=57c606a
- nixos-unstable-small 0.0.0+rev=57c606a
pkgs.vimPlugins.nvim-treesitter-parsers.vhs
Tree-sitter grammar for vhs
-
nixos-unstable 0.0.0+rev=0c6fae9
- nixpkgs-unstable 0.0.0+rev=0c6fae9
- nixos-unstable-small 0.0.0+rev=0c6fae9
pkgs.vimPlugins.nvim-treesitter-parsers.rasi
Tree-sitter grammar for rasi
-
nixos-unstable 0.0.0+rev=e735c68
- nixpkgs-unstable 0.0.0+rev=e735c68
- nixos-unstable-small 0.0.0+rev=e735c68
pkgs.vimPlugins.nvim-treesitter-parsers.scss
Tree-sitter grammar for scss
-
nixos-unstable 0.0.0+rev=c478c68
- nixpkgs-unstable 0.0.0+rev=c478c68
- nixos-unstable-small 0.0.0+rev=c478c68
pkgs.vimPlugins.nvim-treesitter-parsers.yuck
Tree-sitter grammar for yuck
-
nixos-unstable 0.0.0+rev=6c60112
- nixpkgs-unstable 0.0.0+rev=6c60112
- nixos-unstable-small 0.0.0+rev=6c60112
pkgs.vimPlugins.nvim-treesitter-parsers.templ
Tree-sitter grammar for templ
-
nixos-unstable 0.0.0+rev=1c6db04
- nixpkgs-unstable 0.0.0+rev=1c6db04
- nixos-unstable-small 0.0.0+rev=1c6db04
pkgs.vimPlugins.nvim-treesitter-parsers.scheme
Tree-sitter grammar for scheme
-
nixos-unstable 0.0.0+rev=c6cb7c7
- nixpkgs-unstable 0.0.0+rev=c6cb7c7
- nixos-unstable-small 0.0.0+rev=c6cb7c7
pkgs.androidenv.androidPkgs.all.packages.build-tools.v30_0_3
Android SDK tools, packaged in Nixpkgs
-
nixos-unstable tools_r30.0.3-macosx.zip
- nixpkgs-unstable tools_r30.0.3-macosx.zip
- nixos-unstable-small tools_r30.0.3-macosx.zip
-
nixos-25.11 tools_r30.0.3-macosx.zip
- nixos-25.11-small tools_r30.0.3-macosx.zip
- nixpkgs-25.11-darwin tools_r30.0.3-macosx.zip
pkgs.androidenv.androidPkgs.all.packages.build-tools.v32_0_0
Android SDK tools, packaged in Nixpkgs
-
nixos-unstable tools_r32-macosx.zip
- nixpkgs-unstable tools_r32-macosx.zip
- nixos-unstable-small tools_r32-macosx.zip
-
nixos-25.11 tools_r32-macosx.zip
- nixos-25.11-small tools_r32-macosx.zip
- nixpkgs-25.11-darwin tools_r32-macosx.zip
Package maintainers
-
@hadilq Hadi Lashkari Ghouchani <hadilq.dev@gmail.com>
-
@RossComputerGuy Tristan Ross <tristan.ross@midstall.com>
-
@adrian-gierakowski Adrian Gierakowski <adrian.gierakowski@gmail.com>
-
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
-
@numinit Morgan Jones <me+nixpkgs@numin.it>
-
@Detegr Antti Keränen <detegr@rbx.email>
-
@jmbaur Jared Baur <jaredbaur@fastmail.com>
-
@felixsinger Felix Singer <felixsinger@posteo.net>
-
@powwu powwu <hello@powwu.sh>
-
@stv0g Steffen Vogel <post@steffenvogel.de>
-
@PJungkamp Philipp Jungkamp <philipp@jungkamp.dev>
-
@weirdrock weirdrock <weirdrock@riseup.net>
-
@phryneas Lenz Weber <mail@lenzw.de>
-
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
-
@nagy Daniel Nagy <danielnagy@posteo.de>
-
@lukego Luke Gorrie <luke@snabb.co>
-
@Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@hraban Hraban Luyat <hraban@0brg.net>