CVE-2026-39860 Overview
A critical symlink-following vulnerability in the Nix package manager allows local users on Linux systems to escalate privileges to root. This flaw is a bypass of the previous fix for CVE-2024-27297, enabling arbitrary file overwrites through symlink following during fixed-output derivation output registration. The vulnerability specifically affects sandboxed Linux builds while macOS builds remain unaffected.
Critical Impact
Local privilege escalation to root in multi-user Nix installations, allowing any user with build submission rights to gain complete system control by overwriting sensitive system files.
Affected Products
- Nix Package Manager versions prior to 2.34.5
- Nix Package Manager versions prior to 2.33.4
- Nix Package Manager versions prior to 2.32.7
- Nix Package Manager versions prior to 2.31.4
- Nix Package Manager versions prior to 2.30.4
- Nix Package Manager versions prior to 2.29.3
- Nix Package Manager versions prior to 2.28.6
Discovery Timeline
- April 8, 2026 - CVE-2026-39860 published to NVD
- April 8, 2026 - Last updated in NVD database
Technical Details for CVE-2026-39860
Vulnerability Analysis
This vulnerability represents a UNIX Symbolic Link (Symlink) Following flaw (CWE-61) that occurs during the output registration phase of fixed-output derivations in the Nix package manager. The core issue stems from an incomplete fix for the previous CVE-2024-27297 vulnerability.
In multi-user Nix installations, the Nix daemon typically runs as root and orchestrates builds within isolated chroot environments. The vulnerability arises because the temporary output location used during the output copy operation is positioned inside the build chroot. A malicious derivation builder can craft a symlink at this temporary path pointing to any arbitrary location in the host filesystem. When the Nix daemon process—executing in the host mount namespace—performs the output registration, it follows this symlink and overwrites the target destination with the derivation's output contents.
The attack surface encompasses all users configured in the allowed-users setting, which defaults to all users on the system. This creates a significant privilege escalation vector where unprivileged users can modify critical system files such as /etc/passwd, /etc/shadow, or system binaries.
Root Cause
The root cause lies in the failure to properly isolate file operations during the output registration phase. The Nix process running with root privileges in the host namespace trusts paths within the build chroot without verifying whether they are symlinks pointing outside the sandbox boundary. The original fix for CVE-2024-27297 did not adequately address the scenario where the temporary output path itself could be replaced with a malicious symlink before the copy operation completes.
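As an added illustration (not Nix code and not from the advisory), the following Python contrasts an output-registration write that follows a symlink planted at the destination with one that writes a fresh, uniquely named file and renames it into place; the directory layout, file names and contents are constructed for the demo.

```python
import os
import tempfile

def naive_register(dest: str, data: bytes) -> None:
    # Unsafe: open(dest, "wb") follows a symlink at dest, so the bytes land
    # wherever the link points (the CWE-61 pattern described above).
    with open(dest, "wb") as f:
        f.write(data)

def safe_register(dest: str, data: bytes) -> str:
    # Refuse a planted link (an indicator of compromise), then write a fresh,
    # uniquely named file beside dest (mkstemp uses O_EXCL) and rename it over
    # dest: rename(2) replaces the entry there and never follows a link.
    if os.path.islink(dest):
        raise RuntimeError(f"refusing to register over symlink: {dest}")
    parent = os.path.dirname(os.path.abspath(dest))
    fd, tmp = tempfile.mkstemp(dir=parent, prefix=".register-")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.replace(tmp, dest)
    return dest

def _read(path: str) -> bytes:
    with open(path, "rb") as f:
        return f.read()

def _write(path: str, data: bytes) -> None:
    with open(path, "wb") as f:
        f.write(data)

def demo() -> dict:
    # Constructed scenario: a host file outside the build directory and a
    # symlink planted at the expected output path that points at it.
    with tempfile.TemporaryDirectory() as root:
        host = os.path.join(root, "host-file")
        build = os.path.join(root, "build")
        os.mkdir(build)
        dest = os.path.join(build, "out")
        os.symlink(host, dest)
        _write(host, b"original\n")
        naive_register(dest, b"build output\n")
        naive_hit = _read(host) == b"build output\n"
        _write(host, b"original\n")
        try:
            safe_register(dest, b"build output\n")
            refused = False
        except RuntimeError:
            refused = True
        return {"naive_overwrote_host": naive_hit, "safe_refused": refused,
                "safe_host_intact": _read(host) == b"original\n"}
```

demo() returns True for all three keys: the naive write lands in the host file, the safe variant refuses, and the host file is untouched.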
Attack Vector
The attack requires local access to a system running a multi-user Nix installation. An attacker creates a malicious derivation that:
- places a symlink at the expected temporary output location within the build chroot
- points the symlink at a sensitive file on the host filesystem (e.g., /etc/passwd)
- relies on the Nix daemon following that symlink when it registers the output, so the target file is overwritten with attacker-controlled content
This results in arbitrary file overwrite with root privileges, enabling complete system compromise.
The security patch addresses this by copying the output to a fresh temporary file before registration, ensuring no symlinks can be followed:
[&](const DerivationOutput::CAFixed & dof) {
auto & wanted = dof.ca.hash;
+ // Replace the output by a fresh copy of itself to make sure
+ // that there's no stale file descriptor pointing to it
+ Path tmpOutput = actualPath + ".tmp";
+ copyFile(actualPath, tmpOutput, true);
+ renameFile(tmpOutput, actualPath);
+
auto newInfo0 = newInfoFromCA(DerivationOutput::CAFloating {
.method = dof.ca.method,
.hashAlgo = wanted.algo,
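Review bot: the comment on the new block explains the copy as protection against a stale file descriptor, while the change is presented as the fix for symlink following at the temporary output path; state the invariant the copy actually establishes (a fresh inode at actualPath that the builder never held a descriptor or link to) so a reader can judge whether it closes the reported issue. Also, `Path tmpOutput = actualPath + ".tmp";` is a fixed, predictable name in the same directory as the output; the comment should say why nothing else can have created an entry at that name before copyFile runs, and whether renameFile replacing a pre-existing entry there is acceptable.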
Source: GitHub NixOS Commit 244f3ee
The fix also introduces a new copyFile function to safely handle the copy operation:
}
}
+void copyFile(const Path & oldPath, const Path & newPath, bool andDelete)
+{
+ return copy(fs::directory_entry(fs::path(oldPath)), fs::path(newPath), andDelete);
+}
+
void renameFile(const Path & oldName, const Path & newName)
{
fs::rename(oldName, newName);
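Review bot: copyFile has no doc comment, and its safety in the caller depends entirely on how `copy(...)` treats a symlink at oldPath and on what `andDelete` does; add a comment stating whether the source is read without following a top-level symlink and that `andDelete` removes oldPath after the copy. Minor: `return copy(...)` in a function declared `void` compiles only because copy itself returns void; a plain call would be clearer.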
Source: GitHub NixOS Commit 244f3ee
Detection Methods for CVE-2026-39860
Indicators of Compromise
- Unexpected symlinks appearing in Nix store temporary directories pointing to sensitive system files
- Unauthorized modifications to critical files such as /etc/passwd, /etc/shadow, or system binaries
- Suspicious build submissions from non-administrative users targeting fixed-output derivations
- Anomalous file descriptor activity during Nix daemon build operations
Detection Strategies
- Monitor the Nix daemon process for file operations that traverse outside expected store paths
- Implement file integrity monitoring (FIM) on critical system files to detect unauthorized modifications
- Audit derivation build logs for unusual patterns or repeated failed builds that may indicate exploitation attempts
- Deploy endpoint detection rules to identify symlink creation within build chroot environments
Monitoring Recommendations
- Enable verbose logging for the Nix daemon to capture detailed build operation traces
- Configure alerts for any root-level file modifications initiated by the Nix daemon process
- Monitor allowed-users configuration changes and restrict build submission rights to trusted users only
- Implement baseline monitoring for Nix store directory structures to detect anomalous symlinks
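An added example of the symlink baseline check (not part of the advisory or of Nix): a Python scanner that walks a store root without following links and reports every symlink whose target resolves outside the store, flagging targets under the system locations named above. STORE_ROOT, SENSITIVE_PREFIXES and the function names are this example's own assumptions, and demo() runs the scan over a constructed tree rather than a real store.

```python
import os
import tempfile

STORE_ROOT = "/nix/store"  # default scan root; demo() uses a constructed tree
# Locations the advisory names as targets: password database, system binaries.
SENSITIVE_PREFIXES = ("/etc", "/bin", "/sbin", "/usr/bin", "/usr/sbin", "/root")

def _under(path: str) -> bool:
    return any(path == p or path.startswith(p + "/") for p in SENSITIVE_PREFIXES)

def classify_link(link: str, root_real: str):
    # Resolve the link target relative to the link's own directory, then test
    # whether it lands outside the store. Returns None for an in-store link.
    target = os.readlink(link)
    if not os.path.isabs(target):
        target = os.path.join(os.path.dirname(link), target)
    raw, resolved = os.path.normpath(target), os.path.realpath(target)
    if os.path.commonpath([root_real, resolved]) == root_real:
        return None
    return {"link": link, "target": resolved,
            "sensitive": _under(raw) or _under(resolved)}

def scan_store(root: str = STORE_ROOT) -> list:
    # Walk without following links (followlinks=False also keeps the walk from
    # descending through a planted directory link) and report every escape.
    root_real = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                finding = classify_link(path, root_real)
                if finding is not None:
                    findings.append(finding)
    return sorted(findings, key=lambda f: f["link"])

def demo() -> list:
    # Constructed store tree: one benign in-store link, one relative link that
    # climbs out of the store, one absolute link to /etc/passwd.
    with tempfile.TemporaryDirectory() as tmp:
        store = os.path.join(tmp, "store")
        out = os.path.join(store, "tmp-build-output")
        os.makedirs(os.path.join(store, "aaaa-hello-1.0", "bin"))
        os.makedirs(out)
        os.symlink("../aaaa-hello-1.0/bin", os.path.join(out, "bin"))
        os.symlink("../../../host-secret", os.path.join(out, "out"))
        os.symlink("/etc/passwd", os.path.join(out, "passwd"))
        return scan_store(store)
```

Running scan_store() against a real store root as a periodic job and alerting on any non-empty result gives the baseline the recommendation above describes.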
How to Mitigate CVE-2026-39860
Immediate Actions Required
- Upgrade Nix to patched versions: 2.34.5, 2.33.4, 2.32.7, 2.31.4, 2.30.4, 2.29.3, or 2.28.6
- Review and restrict the allowed-users configuration to minimize users permitted to submit builds
- Audit existing derivations and build configurations for potentially malicious content
- Consider temporarily disabling multi-user mode if immediate patching is not possible
Patch Information
NixOS has released security patches across multiple version branches. The fix ensures that fixed-output derivation outputs are copied to a fresh temporary location before registration, preventing symlink following attacks. Detailed commit information is available in the GitHub NixOS Security Advisory GHSA-g3g9-5vj6-r3gj.
Additional technical details can be found in GitHub NixOS Pull Request 10178.
Workarounds
- Restrict allowed-users in /etc/nix/nix.conf to explicitly trusted accounts only
- Disable untrusted builds by configuring require-sigs = true and limiting access to signing keys
- Run Nix in single-user mode where multi-user functionality is not required
- Implement network segmentation to limit access to systems running vulnerable Nix installations
# Configuration example - Restrict allowed users in /etc/nix/nix.conf
# Only allow specific trusted users to submit builds
allowed-users = trusted-admin build-operator
# Require signatures for all store paths
require-sigs = true
# Users allowed to override restricted daemon settings; keep this list minimal
trusted-users = root trusted-admin
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.