Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-3588
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): ADJACENT_NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): LOW
- Availability impact (A): LOW
Activity log
- Created suggestion
Server-Side Request Forgery (SSRF) in ikea dirigera
A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.
References
-
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-3588 third-party-advisory
Affected products
dirigera
- =<2.866.4
Matching in nixpkgs
pkgs.python312Packages.dirigera
Module for controlling the IKEA Dirigera Smart Home Hub
pkgs.python313Packages.dirigera
Module for controlling the IKEA Dirigera Smart Home Hub
pkgs.python314Packages.dirigera
Module for controlling the IKEA Dirigera Smart Home Hub
Package maintainers
-
@rhoriguchi Ryan Horiguchi <ryan.horiguchi@gmail.com>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>