What is the CVSS score of CVE-2026-44029?

CVE-2026-44029 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.2%.

Is there a patch available for CVE-2026-44029?

Yes, a patch is available for CVE-2026-44029. Update the affected software to the latest version immediately.

Nix Package Manager CVE-2026-44029

EUVD-2026-27166 MEDIUM

Absolute Path Traversal (CWE-36)

2026-05-05 cve@mitre.org

Path Traversal Suse

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Patch available

May 05, 2026 - 02:01 EUVD

Analysis Generated

May 05, 2026 - 01:30 vuln.today

DescriptionNVD

An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 (introduced in 2.24.7);

AnalysisAI

Arbitrary file writing via directory traversal in Nix versions before 2.34.7 allows unauthenticated remote attackers to overwrite files on systems running vulnerable versions of nix-prefetch-url or nix store prefetch-file with the --unpack flag. The vulnerability exploits improper path validation during archive extraction, enabling an attacker to craft malicious packages that write to arbitrary filesystem locations when unpacked. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory