Nixpkgs security tracker

Permalink CVE-2026-3588

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): LOW

created 1 month, 1 week ago Activity log

Created suggestion 1 month, 1 week ago

Server-Side Request Forgery (SSRF) in ikea dirigera

A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-3588 third-party-advisory

Affected products

dirigera

=<2.866.4

Matching in nixpkgs

pkgs.python312Packages.dirigera

Module for controlling the IKEA Dirigera Smart Home Hub

nixos-25.11 1.2.4
- nixos-25.11-small 1.2.4
- nixpkgs-25.11-darwin 1.2.4

pkgs.python313Packages.dirigera

Module for controlling the IKEA Dirigera Smart Home Hub

nixos-unstable 1.2.6
- nixpkgs-unstable 1.2.6
- nixos-unstable-small 1.2.6
nixos-25.11 1.2.4
- nixos-25.11-small 1.2.4
- nixpkgs-25.11-darwin 1.2.4

pkgs.python314Packages.dirigera

Module for controlling the IKEA Dirigera Smart Home Hub

nixos-unstable 1.2.6
- nixpkgs-unstable 1.2.6
- nixos-unstable-small 1.2.6

pkgs.home-assistant-custom-components.dirigera_platform

Home-assistant integration for IKEA Dirigera hub

nixos-unstable 2.7.1
- nixpkgs-unstable 2.7.1
- nixos-unstable-small 2.7.1
nixos-25.11 2.6.8
- nixos-25.11-small 2.6.8
- nixpkgs-25.11-darwin 2.6.8

Package maintainers

@rhoriguchi Ryan Horiguchi <ryan.horiguchi@gmail.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.python312Packages.dirigera

pkgs.python313Packages.dirigera

pkgs.python314Packages.dirigera

pkgs.home-assistant-custom-components.dirigera_platform

Package maintainers