securityonline.info 7/10/2026, 8:41:25 AM · external

Four GNU Guix flaws allow attackers gain root and corrupt files

Four GNU Guix flaws allow attackers gain root and corrupt files
CyberSIXT Evidence Panel
Primary Source guix.gnu.org

THE GNU Guix project revealed four vulnerabilities affecting its software components, allowing for remote privilege escalation and potential file corruption. The flaws primarily impact the 'guix substitute' helper and 'guix pull' functions. Key issues include arbitrary file writes during unpacking, substitute swapping, and channel path traversal, which pose significant security risks as they allow unauthorized access and manipulation of files, especially when the daemon runs with root privileges.

All versions prior to recent patches are affected. The Guix team has released updates to mitigate these vulnerabilities, emphasizing the importance of keeping both the client and daemon updated.

View Primary Source Via securityonline.info

Article by CyberSIXT