What is the Nix privilege escalation vulnerability?

It's a symlink-following bug in the Nix daemon's fixed-output registration, letting builders overwrite root-writable files during builds. Hits multi-user Linux setups by default.

How do I fix Nix privilege escalation on my system?

Update to nix 2.24.5+ or NixOS 24.11. Set allowed-users to specific nicks, not '*'. Rebuild your profile post-patch.

Is Nix safe for multi-user servers after this?

Safer with patches and config tweaks—but audit builds religiously. Single-user or trusted teams only for now.

🔒 Security & Privacy

Nix Daemon Flaw Hands Root to Any User Who Builds — Here's the Real Risk

If you're running Nix in multi-user mode, anyone's build could overwrite root files and grab total system control. This isn't theory—it's live in default configs today.

theAIcatchup Apr 08, 2026 4 min read

⚡ Key Takeaways

Default multi-user Nix setups let any builder grab root via symlinks—patch immediately. 𝕏
Flaw born from fixing another vuln; echoes historical rushed patches like post-Heartbleed. 𝕏
Slows enterprise Nix adoption; tighten allowed-users to survive. 𝕏

Published by

theAIcatchup

Community-driven. Code-first.

#Nix daemon security #Nix daemon vulnerability #Nix privilege escalation #Nix vulnerability #NixOS #NixOS vulnerability #privilege escalation #symlink attack #symlink exploit

Worth sharing?

Get the best Open Source stories of the week in your inbox — no noise, no spam.

Originally reported by LWN.net

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

React Server Components' Perfect-Score RCE Flaw Exposes Millions of Apps

Anthropic's One-Line Fumble Leaks Billions in Code

Authenticated AI Agents Still Failing: Enter Decision Governance

Glasswing: AI's Sisyphean Bug Hunt in Legacy Code

Stay in the loop