CVE-2026-44592

Published: May 14, 2026

Modified: May 16, 2026

PUBLISHED

CVSS v3.1

9.4

CRITICAL

Description

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT_DISCOVERABLE=true (the default, and the NixOS module default), anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has PeerAuth::Open, i.e. it sees jobs from every organisation, and can immediately NarPush/NarUploaded arbitrary store paths into nar_storage and the cached_path table. This vulnerability is fixed in 1.1.1.

Vendor	Product	Versions
wavelens	gradient	affected `1.1.0`

Weaknesses (CWE)

CWE-306

CWE-345

CWE-862

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

References

https://github.com/wavelens/gradient/security/advisories/GHSA-49w6-gf3p-96m2

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-44592

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References