Local Authentication Vulnerability in MySQL Services of Nixpkgs by NixOS
CVE-2026-61828
8.5HIGH
What is CVE-2026-61828?
The Nixpkgs software repository has a vulnerability that affects MySQL services on NixOS. Due to improper initialization of the MySQL database, local users, including unprivileged web and CGI processes running on the same host, can authenticate as the root user without a password. This could potentially lead to unauthorized access and control over the MySQL instance. Users are advised to upgrade to Nixpkgs versions 25.11 or 26.05 to mitigate this risk.
Affected Version(s)
nixpkgs < 25.11 < 25.11
nixpkgs >= 26.05-beta, < 26.05 < 26.05-beta, 26.05
