HIGH
Discourse
CVE published 2026-05-05
CVE-2026-44028
CVE-2026-44028 was publicly disclosed on 2026-05-05 and updated on 2026-05-09. The issue affects Nix and Lix and centers on unbounded recursion in the NAR (Nix Archive) parser. In the affected code path, a stack overflow on a coroutine stack without a guard page can corrupt heap memory, which may lead to arbitrary code execution as the Nix daemon runs as root in multi-user deployments if ASLR hardening is [truncated]