A severe security vulnerability has been identified in the Nix package manager, a tool celebrated by the Linux and Unix communities for making package management reliable and reproducible. Tracked as CVE-2026-39860 with a CVSS score of 9.0, this sandbox escape allows a local user who is permitted to submit builds to break out of the build sandbox and gain root privileges by manipulating the build process.
The flaw exists within the mechanism Nix uses to register the output of “fixed-output derivations” (FODs). During this process, Nix creates a temporary copy of the build output before moving it to its final location in the Nix store.
Researchers discovered that on Linux systems, the location used for this temporary copy was placed inside the build chroot—an environment normally controlled by the derivation builder. An attacker can exploit this by creating a malicious symlink at that specific path, pointing to a sensitive file on the host system (such as /etc/shadow or a system binary).
When the Nix process—which typically runs as the root user in multi-user installations—attempts to register the output, it follows the symlink and overwrites the destination file with the derivation’s contents. In a multi-user setup, this allows any user permitted to submit builds to “gain root privileges by modifying sensitive files”.
The vulnerability represents a “sandbox escape” for Linux-based builds. It is important to note that sandboxed macOS builds are unaffected by this specific flaw.
By default, Nix allows all users to submit builds to the Nix daemon (allowed-users defaults to all users), making the potential attack surface quite broad for multi-user systems.
The Nix development team has released a series of updates to address this critical flaw across all supported release branches. The fix involves moving the temporary output copy to a directory in the Nix store that is “inaccessible to other users,” effectively cutting off the symlink attack vector.
Affected and Fixed Versions:
- 2.34: Fixed in 2.34.5
- 2.33: Fixed in 2.33.4
- 2.32: Fixed in 2.32.7
- 2.31: Fixed in 2.31.4
- 2.30: Fixed in 2.30.4
- 2.29: Fixed in 2.29.3
- 2.28: Fixed in 2.28.6
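The table above is easy to misread on a fleet where several branches are in use. The following shell function is an added example (not from the advisory and not part of the Nix project's own tooling): it takes a version string and reports whether it is at or above the first fixed release for its branch, using the branch/fix pairs listed above. It assumes `nix --version` prints `nix (Nix) X.Y.Z` with the version as the last field, and it judges pre-release builds by their numeric release only, ignoring any suffix.

```shell
#!/bin/sh
# Added example, not from the Nix project: check a Nix version against the
# fixed releases listed in the advisory for CVE-2026-39860.
# Exit status of nix_fixed_for_cve: 0 = fixed, 1 = vulnerable,
# 2 = branch not in the advisory's table (unsupported or out of scope).

# Branch / first fixed release pairs, copied from the advisory.
FIXED_VERSIONS='2.34 2.34.5
2.33 2.33.4
2.32 2.32.7
2.31 2.31.4
2.30 2.30.4
2.29 2.29.3
2.28 2.28.6'

# Numeric dotted-version comparison; prints -1, 0 or 1.
vercmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    k = (n > m) ? n : m
    for (i = 1; i <= k; i++) {
      xi = (i <= n) ? x[i] + 0 : 0
      yi = (i <= m) ? y[i] + 0 : 0
      if (xi < yi) { print -1; exit }
      if (xi > yi) { print 1; exit }
    }
    print 0
  }'
}

# nix_fixed_for_cve VERSION
nix_fixed_for_cve() {
  # Keep only the numeric release, e.g. "2.34.5pre..." -> "2.34.5"
  # (assumption: pre-release builds are judged by their release number only)
  ver=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
  branch=$(printf '%s' "$ver" | cut -d. -f1,2)
  # Force a string comparison so "2.3" is never confused with "2.30".
  fixed=$(printf '%s\n' "$FIXED_VERSIONS" | awk -v b="$branch" '($1 "") == (b "") { print $2 }')
  [ -n "$fixed" ] || return 2
  [ "$(vercmp "$ver" "$fixed")" -ge 0 ]
}

# Check the installed nix; assumes "nix (Nix) X.Y.Z" output from nix --version.
check_installed_nix() {
  installed=$(nix --version 2>/dev/null | awk '{ print $NF }')
  [ -n "$installed" ] || { echo "nix not found in PATH"; return 2; }
  rc=0
  nix_fixed_for_cve "$installed" || rc=$?
  case "$rc" in
    0) echo "nix $installed: fixed" ;;
    1) echo "nix $installed: VULNERABLE, upgrade to the fixed release for its branch" ;;
    *) echo "nix $installed: branch not listed in the advisory table" ;;
  esac
  return "$rc"
}

check_installed_nix
```

Run it on each build host, or feed `nix_fixed_for_cve` the versions reported by your inventory system. A branch that is not in the table (for example a 2.27 or older install) gets exit status 2 rather than a verdict, because the advisory says nothing about it; treat that as "upgrade to a supported branch", not as "safe".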
The patches for the more recent branches (2.31 through 2.34) also include “additional hardening to prevent communication and file descriptor smuggling” between different build processes. This extra isolation is only effective on systems running Linux kernel 6.12 or later with the Landlock Linux Security Module (LSM) enabled; on older kernels, or kernels without Landlock, the update still closes the symlink overwrite but without this added layer.
If you cannot update your Nix installation immediately, you should restrict who can submit builds to the Nix daemon. This can be done by:
- Modifying the allowed-users setting in your Nix configuration to include only trusted accounts.
- Making the /nix/var/nix/daemon-socket directory inaccessible to untrusted users.
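The two interim mitigations are easy to set once and then forget. Here is a small POSIX shell audit, added as an example and not taken from the advisory or from the Nix project, that checks a `nix.conf` for an `allowed-users` value that still grants every user access (unset, empty, or containing `*`) and checks that a daemon-socket directory denies all access to "other". It runs against constructed sample files in a temporary directory; the real paths (`/etc/nix/nix.conf`, `/nix/var/nix/daemon-socket`), the choice of a `0750` mode owned by a trusted group, and the `@wheel` group name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the Nix project: audit the two interim mitigations
# for CVE-2026-39860 (restrict allowed-users, lock down the daemon socket dir).

# allowed_users_restricted CONF
# 0 if allowed-users is set to an explicit list of users/groups,
# 1 if it is unset, empty, or contains "*" (which means every user may build).
allowed_users_restricted() {
  # Drop "#" comments, then keep the value of the last allowed-users line.
  val=$(sed 's/#.*//' "$1" \
        | sed -n 's/^[[:space:]]*allowed-users[[:space:]]*=[[:space:]]*//p' \
        | tail -n 1)
  [ -n "$val" ] || return 1
  # Split on whitespace without unquoted expansion, so "*" is not globbed.
  if printf '%s\n' "$val" | tr -s ' \t' '\n' | grep -qx '\*'; then
    return 1
  fi
  return 0
}

# socket_dir_restricted DIR
# 0 if "other" has no read, write or execute bit on DIR, 1 otherwise.
# Without execute permission on the directory, untrusted users cannot
# open the socket inside it.
socket_dir_restricted() {
  [ -d "$1" ] || return 1
  other=$(ls -ld "$1" | cut -c8-10)
  [ "$other" = "---" ]
}

# Constructed fixtures in a temp dir (not real system files).
DEMO_DIR=$(mktemp -d)
WEAK_CONF="$DEMO_DIR/nix.conf.weak"
HARDENED_CONF="$DEMO_DIR/nix.conf.hardened"
SOCK_DIR="$DEMO_DIR/daemon-socket"

# The default: everyone may submit builds.
printf 'allowed-users = *\n' > "$WEAK_CONF"
# A trusted group and one account; @wheel is an illustrative group name.
printf '# interim mitigation for CVE-2026-39860\nallowed-users = @wheel alice  # trailing comment\n' > "$HARDENED_CONF"
mkdir "$SOCK_DIR"

report() {
  if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi
}

report allowed_users_restricted "$WEAK_CONF"                       # FAIL
report allowed_users_restricted "$HARDENED_CONF"                   # PASS
chmod 0755 "$SOCK_DIR"; report socket_dir_restricted "$SOCK_DIR"   # FAIL
chmod 0750 "$SOCK_DIR"; report socket_dir_restricted "$SOCK_DIR"   # PASS
```

On a real host, point the two functions at `/etc/nix/nix.conf` and `/nix/var/nix/daemon-socket` (assumed default locations) and, for the directory, pair the `0750` mode with group ownership by the group that is allowed to build. Remember that this is a stop-gap: it limits who can reach the daemon, but anyone who remains in `allowed-users` can still trigger the overwrite until the daemon is updated.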
Because this vulnerability allows arbitrary files to be overwritten with root privileges, administrators are strongly encouraged to treat this as a high-priority update to maintain the integrity and security of their Linux environments.