Nixpkgs is a collection of software packages that can be installed with the Nix package manager. Prior to the 25.11 and 26.05 channel fixes, the NixOS module for MySQL services.mysql initializes the MySQL database in a way that allows local users, such as unprivileged web or CGI processes on the same host, to log in as the root user without a password when the service is used with mysql or percona-server. This issue is fixed in the 25.11 and 26.05.
Metrics
Affected Vendors & Products
References
History
Wed, 15 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Nixpkgs is a collection of software packages that can be installed with the Nix package manager. Prior to the 25.11 and 26.05 channel fixes, the NixOS module for MySQL services.mysql initializes the MySQL database in a way that allows local users, such as unprivileged web or CGI processes on the same host, to log in as the root user without a password when the service is used with mysql or percona-server. This issue is fixed in the 25.11 and 26.05. | |
| Title | nixos/mysql : `services.mysql` is configured with insecure authentication by default when used with `mysql` or `percona-server` | |
| Weaknesses | CWE-276 | |
| References |
|
|
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-15T16:32:36.992Z
Reserved: 2026-07-10T20:17:57.993Z
Link: CVE-2026-61828
No data.
No data.
No data.
OpenCVE Enrichment
No data.