CVE-2026-61828
Gravedad CVSS v4.0:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
15/07/2026
Última modificación:
15/07/2026
Descripción
*** Pendiente de traducción *** Nixpkgs is a collection of software packages that can be installed with the Nix package manager. Prior to the 25.11 and 26.05 channel fixes, the NixOS module for MySQL services.mysql initializes the MySQL database in a way that allows local users, such as unprivileged web or CGI processes on the same host, to log in as the root user without a password when the service is used with mysql or percona-server. This issue is fixed in the 25.11 and 26.05.
Impacto
Puntuación base 4.0
8.50
Gravedad 4.0
ALTA
Referencias a soluciones, herramientas e información
- https://github.com/NixOS/nixpkgs/commit/3f68d7ad2a6865ff8b4910d89f173d7258bad8dd
- https://github.com/NixOS/nixpkgs/commit/4aed47116a8734922763cd8f477467b0a0bcd6d7
- https://github.com/NixOS/nixpkgs/commit/f8ee41468a7a8f9ed3a8cc7d017151c2ca6f90b5
- https://github.com/NixOS/nixpkgs/pull/534254
- https://github.com/NixOS/nixpkgs/pull/534482
- https://github.com/NixOS/nixpkgs/pull/534484
- https://github.com/NixOS/nixpkgs/security/advisories/GHSA-6qxx-6rg8-c4p8



