Nixpkgs security tracker

Untriaged

Permalink CVE-2026-40032

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 days, 18 hours ago

UAC < 3.3.0-rc1 Command Injection via Placeholder Substitution

UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command() function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell metacharacters or command substitutions through attacker-controlled inputs including %line% values from foreach iterators and %user% / %user_home% values derived from system files to achieve arbitrary command execution with the privileges of the UAC process.

References

Pull Request product
Patch Commit #1 patch
Patch Commit #2 patch
Patch Commit #3 patch
Related Issue product
Mobasi Sentinel Vulnerability Index vendor-advisory
VulnCheck Advisory: UAC < 3.3.0-rc1 Command Injection via Placeholder Substitution third-party-advisory

Affected products

UAC

==3.3.0-rc1
=<3.2.0

Matching in nixpkgs

pkgs.uacme

ACMEv2 client written in plain C with minimal dependencies

nixos-unstable 1.8.0
- nixpkgs-unstable 1.8.1
- nixos-unstable-small 1.8.1
nixos-25.11 1.7.6
- nixos-25.11-small 1.7.6
- nixpkgs-25.11-darwin 1.7.6

pkgs.guacamole-client

Clientless remote desktop gateway

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.6.0
- nixos-25.11-small 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.guacamole-server

Clientless remote desktop gateway

nixos-unstable 1.6.0-unstable-2025-06-29
- nixpkgs-unstable 1.6.0-unstable-2025-06-29
- nixos-unstable-small 1.6.0-unstable-2025-06-29
nixos-25.11 1.6.0-unstable-2025-06-29
- nixos-25.11-small 1.6.0-unstable-2025-06-29
- nixpkgs-25.11-darwin 1.6.0-unstable-2025-06-29

pkgs.mpvScripts.quack

Reduce audio volume after seeking

nixos-unstable 0-unstable-2020-05-27
- nixpkgs-unstable 0-unstable-2020-05-27
- nixos-unstable-small 0-unstable-2020-05-27
nixos-25.11 0-unstable-2020-05-27
- nixos-25.11-small 0-unstable-2020-05-27
- nixpkgs-25.11-darwin 0-unstable-2020-05-27

pkgs.luaPackages.luacov

Coverage analysis tool for Lua scripts

nixos-unstable 0.17.0-1
- nixpkgs-unstable 0.17.0-1
- nixos-unstable-small 0.17.0-1
nixos-25.11 0.16.0-1
- nixos-25.11-small 0.16.0-1
- nixpkgs-25.11-darwin 0.16.0-1

pkgs.lua51Packages.luacov

Coverage analysis tool for Lua scripts

nixos-unstable 0.17.0-1
- nixpkgs-unstable 0.17.0-1
- nixos-unstable-small 0.17.0-1
nixos-25.11 0.16.0-1
- nixos-25.11-small 0.16.0-1
- nixpkgs-25.11-darwin 0.16.0-1

pkgs.lua52Packages.luacov

Coverage analysis tool for Lua scripts

nixos-unstable 0.17.0-1
- nixpkgs-unstable 0.17.0-1
- nixos-unstable-small 0.17.0-1
nixos-25.11 0.16.0-1
- nixos-25.11-small 0.16.0-1
- nixpkgs-25.11-darwin 0.16.0-1

pkgs.lua53Packages.luacov

Coverage analysis tool for Lua scripts

nixos-unstable 0.17.0-1
- nixpkgs-unstable 0.17.0-1
- nixos-unstable-small 0.17.0-1
nixos-25.11 0.16.0-1
- nixos-25.11-small 0.16.0-1
- nixpkgs-25.11-darwin 0.16.0-1

pkgs.lua54Packages.luacov

Coverage analysis tool for Lua scripts

nixos-unstable 0.17.0-1
- nixpkgs-unstable 0.17.0-1
- nixos-unstable-small 0.17.0-1
nixos-25.11 0.16.0-1
- nixos-25.11-small 0.16.0-1
- nixpkgs-25.11-darwin 0.16.0-1

pkgs.lua55Packages.luacov

Coverage analysis tool for Lua scripts

nixos-unstable 0.17.0-1
- nixpkgs-unstable 0.17.0-1
- nixos-unstable-small 0.17.0-1

pkgs.luaPackages.luacheck

A static analyzer and a linter for Lua

nixos-unstable 1.2.0-1
- nixpkgs-unstable 1.2.0-1
- nixos-unstable-small 1.2.0-1
nixos-25.11 1.2.0-1
- nixos-25.11-small 1.2.0-1
- nixpkgs-25.11-darwin 1.2.0-1

pkgs.haskellPackages.quack

Convenience parser combinators for URI query strings

nixos-unstable 0.0.0.3
- nixpkgs-unstable 0.0.0.3
- nixos-unstable-small 0.0.0.3
nixos-25.11 0.0.0.3
- nixos-25.11-small 0.0.0.3
- nixpkgs-25.11-darwin 0.0.0.3

pkgs.luajitPackages.luacov

Coverage analysis tool for Lua scripts

nixos-unstable 0.17.0-1
- nixpkgs-unstable 0.17.0-1
- nixos-unstable-small 0.17.0-1
nixos-25.11 0.16.0-1
- nixos-25.11-small 0.16.0-1
- nixpkgs-25.11-darwin 0.16.0-1

pkgs.lua51Packages.luacheck

A static analyzer and a linter for Lua

nixos-unstable 1.2.0-1
- nixpkgs-unstable 1.2.0-1
- nixos-unstable-small 1.2.0-1
nixos-25.11 1.2.0-1
- nixos-25.11-small 1.2.0-1
- nixpkgs-25.11-darwin 1.2.0-1

pkgs.lua52Packages.luacheck

A static analyzer and a linter for Lua

nixos-unstable 1.2.0-1
- nixpkgs-unstable 1.2.0-1
- nixos-unstable-small 1.2.0-1
nixos-25.11 1.2.0-1
- nixos-25.11-small 1.2.0-1
- nixpkgs-25.11-darwin 1.2.0-1

pkgs.lua53Packages.luacheck

A static analyzer and a linter for Lua

nixos-unstable 1.2.0-1
- nixpkgs-unstable 1.2.0-1
- nixos-unstable-small 1.2.0-1
nixos-25.11 1.2.0-1
- nixos-25.11-small 1.2.0-1
- nixpkgs-25.11-darwin 1.2.0-1

pkgs.lua54Packages.luacheck

A static analyzer and a linter for Lua

nixos-unstable 1.2.0-1
- nixpkgs-unstable 1.2.0-1
- nixos-unstable-small 1.2.0-1
nixos-25.11 1.2.0-1
- nixos-25.11-small 1.2.0-1
- nixpkgs-25.11-darwin 1.2.0-1

pkgs.luajitPackages.luacheck

A static analyzer and a linter for Lua

nixos-unstable 1.2.0-1
- nixpkgs-unstable 1.2.0-1
- nixos-unstable-small 1.2.0-1
nixos-25.11 1.2.0-1
- nixos-25.11-small 1.2.0-1
- nixpkgs-25.11-darwin 1.2.0-1

pkgs.python312Packages.aioaquacell

Asynchronous library to retrieve details of your Aquacell water softener device.

nixos-25.11 0.2.0
- nixos-25.11-small 0.2.0
- nixpkgs-25.11-darwin 0.2.0