Arbitrary Command Execution in NixOS Captive Browser
CVE-2026-25740

5.8 MEDIUM

Key Information:

Vendor

NixOS

Status
Vendor
CVE Published:
9 February 2026

What is CVE-2026-25740?

When the NixOS captive-browser module is enabled, it installs a program that carries the CAP_NET_RAW file capability and is executable by any local user. An unprivileged user can therefore run arbitrary commands with CAP_NET_RAW. According to the advisory, that capability can be abused to bind privileged ports and to spoof traffic that appears to originate from localhost, which privileged services may trust, so the bug is a local privilege-escalation path rather than a remote one. The issue is fixed in NixOS 25.11 and 26.05; hosts on 25.05 or earlier remain affected until they upgrade or disable the module.
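The precondition the advisory describes is a capability-bearing binary that any local user may execute. On NixOS, such wrappers live under /run/wrappers/bin, so a quick audit is to pair each wrapper's mode bits with its file capabilities and flag the ones that are both capability-bearing and executable by "others". The script below is an added example, not code from nixpkgs or from the advisory; the inventory it checks by default is constructed sample data with stand-in wrapper names, and the `audit_live` function runs the same logic against a real host using `stat` and `getcap`.

```sh
#!/bin/sh
# Added audit example (not nixpkgs code). Flags capability wrappers that any
# local user can execute, the precondition for CVE-2026-25740-style abuse.

# Constructed sample inventory in the shape "path octal-mode capabilities".
# The names are stand-ins; "-" means the file carries no capabilities.
SAMPLE_INVENTORY='/run/wrappers/bin/net-helper 4511 cap_net_raw=p
/run/wrappers/bin/ping 555 cap_net_raw=ep
/run/wrappers/bin/admin-only-helper 4510 cap_net_raw=p
/run/wrappers/bin/mount 4511 -'

# Reads "path mode caps" lines on stdin and prints "path caps" for every
# entry that has capabilities AND whose "others" execute bit is set.
world_exec_cap_wrappers() {
    while read -r path mode caps; do
        [ -n "$path" ] || continue
        [ "$caps" != "-" ] || continue
        last=${mode#"${mode%?}"}        # last octal digit = bits for "others"
        [ $(( last & 1 )) -eq 1 ] || continue
        printf '%s %s\n' "$path" "$caps"
    done
}

# Runs the check against the constructed sample; what the test below asserts on.
audit_sample() {
    printf '%s\n' "$SAMPLE_INVENTORY" | world_exec_cap_wrappers
}

# Real check on a NixOS host. getcap's output format differs between libcap
# releases ("file cap_x=ep" vs "file = cap_x+ep"); stripping the first token
# keeps the capability text either way. Assumes stat(1) from coreutils.
audit_live() {
    for f in /run/wrappers/bin/*; do
        [ -f "$f" ] || continue
        caps=$(getcap "$f" 2>/dev/null | sed 's/^[^ ]* //')
        printf '%s %s %s\n' "$f" "$(stat -c %a "$f")" "${caps:--}"
    done | world_exec_cap_wrappers
}

# Uncomment on a NixOS host to audit real wrappers:
# audit_live
audit_sample
```

Of the four sample entries only the two with an odd "others" digit and a non-empty capability set are reported; the wrapper with mode 4510 is invisible to ordinary users and the setuid `mount` wrapper has no capabilities. On a real host, any hit that is not deliberately meant for every user is worth restricting: NixOS's `security.wrappers` options let a wrapper's `group` and `permissions` attributes limit it to a specific group, which is the general mitigation pattern for this class of issue (stated here as the mechanism, not as the project's fix for this CVE).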

Affected Version(s)

nixpkgs <= 25.05

References

CVSS V4

Score:
5.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Requirements:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published: 9 February 2026

  • Vulnerability reserved