E-Ink News Daily

A critical security vulnerability (CVE-2026-39860) in Nix versions 2.21 through 2.34 allows privilege escalation via symlink attacks during fixed-output derivation registration, enabling arbitrary file writes as root. The issue affects default NixOS configurations and sandboxed Linux systems, with patches available in versions 2.28.6 through 2.34.5. This vulnerability was introduced as part of prior fixes for CVE-2024-27297.