CVE-2026-44029 Overview
CVE-2026-44029 is a directory traversal vulnerability in the Nix package manager affecting versions before 2.34.7. The flaw resides in the nix-prefetch-url --unpack and nix store prefetch-file --unpack commands. A crafted archive can write to arbitrary file system paths outside the intended extraction directory. The issue is tracked under CWE-36: Absolute Path Traversal.
Critical Impact
Attackers can write to arbitrary files on systems that prefetch attacker-controlled archives, enabling integrity compromise and supply-chain abuse against Nix users.
Affected Products
- Nix versions prior to 2.34.7 on the 2.34.x branch
- Nix versions 2.24.7 through 2.33.5 on supported maintenance branches
- Lix (referenced in the upstream NixOS security advisory)
Discovery Timeline
- 2026-05-05 - CVE-2026-44029 published to the National Vulnerability Database (NVD)
- 2026-05-05 - Last updated in NVD database
Technical Details for CVE-2026-44029
Vulnerability Analysis
The vulnerability stems from improper handling of archive entry paths during unpacking. When a user invokes nix-prefetch-url --unpack <url> or nix store prefetch-file --unpack <url>, Nix downloads the archive and extracts its contents. The extraction logic fails to canonicalize and validate entry paths against the destination directory.
An archive containing entries with traversal sequences such as ../ or absolute paths can therefore escape the temporary unpack directory. The result is arbitrary file write under the privileges of the invoking user. The flaw is exploitable over the network because Nix fetches archives by URL, and the attacker controls archive contents.
The upstream advisory notes the issue was introduced in Nix 2.24.7 and corrected in 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7. The bug class is classified as CWE-36.
Root Cause
The prefetch unpack routine extracts archive entries without verifying that the resolved destination remains within the intended target directory. Path components containing .. or absolute prefixes are honored verbatim, allowing entries to overwrite files anywhere the calling process can write.
Attack Vector
Exploitation requires that a victim invoke nix-prefetch-url --unpack or nix store prefetch-file --unpack against a URL controlled by the attacker. This pattern is common in development tooling, package update scripts, and CI pipelines that compute hashes for new sources. Refer to the GitHub Security Advisory GHSA-gr92-w2r5-qw5p and the NixOS Security Advisory for technical details. No public proof-of-concept code was referenced in the enriched data.
Detection Methods for CVE-2026-44029
Indicators of Compromise
- Unexpected file writes outside Nix store paths shortly after nix-prefetch-url or nix store prefetch-file execution.
- Archive downloads from untrusted URLs preceding modifications to user dotfiles, shell profiles, or systemd unit directories.
- Process execution of nix-prefetch-url --unpack or nix store prefetch-file --unpack in CI runners with attacker-influenced URLs.
Detection Strategies
- Audit shell history and CI logs for --unpack invocations against external URLs that were not previously trusted.
- Inspect file creation events outside /nix/store correlated with the parent process nix or nix-prefetch-url.
- Compare installed Nix versions against the fixed release set: 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7.
Monitoring Recommendations
- Enable file integrity monitoring on user home directories, ~/.config, ~/.ssh, and system directories writable by build users.
- Forward Nix process telemetry and file system events to the Singularity Data Lake for retrospective hunting against the indicators above.
- Use Singularity Endpoint behavioral identification to flag archive extraction processes that write outside expected destinations.
How to Mitigate CVE-2026-44029
Immediate Actions Required
- Upgrade Nix to 2.34.7 or to the corresponding fixed release on your maintenance branch.
- Audit automation that calls nix-prefetch-url --unpack or nix store prefetch-file --unpack and restrict it to trusted sources.
- Review hosts that ran the affected commands against untrusted URLs for unauthorized file writes.
Patch Information
The maintainers fixed the issue in Nix versions 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7. The regression was introduced in 2.24.7. See the GitHub Security Advisory and the Openwall OSS-Security discussion for release notes and patch references.
Workarounds
- Avoid the --unpack flag when prefetching archives from untrusted sources until the upgrade is applied.
- Run prefetch operations under a dedicated unprivileged account whose write scope is limited to disposable directories.
- Validate archive contents with tar -tf or equivalent before extracting in any pipeline that handles third-party URLs.
# Verify the installed Nix version meets the fixed release
nix --version
# Upgrade on a single-user installation
nix-env -iA nixpkgs.nix
# Upgrade on a multi-user (daemon) installation, then restart the daemon
sudo -i nix-env -iA nixpkgs.nix -f '<nixpkgs>'
sudo systemctl restart nix-daemon
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
