Nixpkgs security tracker

Untriaged

Permalink CVE-2026-48840

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 18 hours ago Activity log

Created suggestion 18 hours ago

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain …

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.

References

Affected products

Exim

<4.99.4

Matching in nixpkgs

pkgs.exim

Mail transfer agent (MTA)

nixos-unstable 4.99.3
- nixpkgs-unstable 4.99.3
- nixos-unstable-small 4.99.3
nixos-25.11 4.99.2
- nixos-25.11-small 4.99.2
- nixpkgs-25.11-darwin 4.99.2

Package maintainers

@Conni2461 Simon Hauser <simon-hauser@outlook.com>
@4z3 Tomislav Viljetić <tv@krebsco.de>
@dasJ Janne Heß <janne@hess.ooo>
@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>

Untriaged

Permalink CVE-2026-45185

9.8 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 2 weeks, 4 days ago Activity log

Created suggestion 2 weeks, 4 days ago

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely …

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

References

Affected products

Exim

<4.99.3

Matching in nixpkgs

pkgs.exim

Mail transfer agent (MTA)

nixos-unstable 4.99.1
- nixpkgs-unstable 4.99.2
- nixos-unstable-small 4.99.2
nixos-25.11 4.99.1
- nixos-25.11-small 4.99.2
- nixpkgs-25.11-darwin 4.99.2

Package maintainers

@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>
@dasJ Janne Heß <janne@hess.ooo>
@4z3 Tomislav Viljetić <tv@krebsco.de>

Untriaged

Permalink CVE-2026-40686

3.7 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 4 weeks, 2 days ago Activity log

Created suggestion 4 weeks, 2 days ago

In Exim before 4.99.2, when utf8 operators are enabled, there …

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.

References

Affected products

Exim

<4.99.2

Matching in nixpkgs

pkgs.exim

Mail transfer agent (MTA)

nixos-unstable 4.99.1
- nixpkgs-unstable 4.99.1
- nixos-unstable-small 4.99.1
nixos-25.11 4.99.1
- nixos-25.11-small 4.99.1
- nixpkgs-25.11-darwin 4.99.1

Package maintainers

@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>
@dasJ Janne Heß <janne@hess.ooo>
@4z3 Tomislav Viljetić <tv@krebsco.de>
@Conni2461 Simon Hauser <simon-hauser@outlook.com>

Untriaged

Permalink CVE-2026-40684

5.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 4 weeks, 2 days ago Activity log

Created suggestion 4 weeks, 2 days ago

In Exim before 4.99.2, on systems using musl libc (not …

In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.

References

Affected products

Exim

<4.99.2

Matching in nixpkgs

pkgs.exim

Mail transfer agent (MTA)

nixos-unstable 4.99.1
- nixpkgs-unstable 4.99.1
- nixos-unstable-small 4.99.1
nixos-25.11 4.99.1
- nixos-25.11-small 4.99.1
- nixpkgs-25.11-darwin 4.99.1

Package maintainers

@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>
@dasJ Janne Heß <janne@hess.ooo>
@4z3 Tomislav Viljetić <tv@krebsco.de>
@Conni2461 Simon Hauser <simon-hauser@outlook.com>

Untriaged

Permalink CVE-2026-40687

4.8 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 4 weeks, 2 days ago Activity log

Created suggestion 4 weeks, 2 days ago

In Exim before 4.99.2, when the SPA authentication driver is …

In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.

References

Affected products

Exim

<4.99.2

Matching in nixpkgs

pkgs.exim

Mail transfer agent (MTA)

nixos-unstable 4.99.1
- nixpkgs-unstable 4.99.1
- nixos-unstable-small 4.99.1
nixos-25.11 4.99.1
- nixos-25.11-small 4.99.1
- nixpkgs-25.11-darwin 4.99.1

Package maintainers

@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>
@dasJ Janne Heß <janne@hess.ooo>
@4z3 Tomislav Viljetić <tv@krebsco.de>
@Conni2461 Simon Hauser <simon-hauser@outlook.com>

Untriaged

Permalink CVE-2026-40685

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): Low (L)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): High (H)

created 4 weeks, 2 days ago Activity log

Created suggestion 4 weeks, 2 days ago

In Exim before 4.99.2, when JSON lookup is enabled, an …

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping.

References

Affected products

Exim

<4.99.2

Matching in nixpkgs

pkgs.exim

Mail transfer agent (MTA)

nixos-unstable 4.99.1
- nixpkgs-unstable 4.99.1
- nixos-unstable-small 4.99.1
nixos-25.11 4.99.1
- nixos-25.11-small 4.99.1
- nixpkgs-25.11-darwin 4.99.1

Package maintainers

@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>
@dasJ Janne Heß <janne@hess.ooo>
@4z3 Tomislav Viljetić <tv@krebsco.de>
@Conni2461 Simon Hauser <simon-hauser@outlook.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.exim

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.exim

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.exim

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.exim

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.exim

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.exim

Package maintainers