NixOS is a Linux distribution built on top of the Nix package manager. It is completely declarative, its system configurations are reproducible, makes configuration changes reliable and atomic, and eliminates configuration drift.

NixOS

Homebrew is a free and open-source software package management system that simplifies the installation of software on Apple's macOS operating system and Linux. The name is intended to suggest the idea of building software on the Mac depending on the user's taste. Originally written by Max Howell, the package manager has gained popularity in the Ruby on Rails community and earned praise for its extensibility.

Homebrew

OpenSC is an open-source toolset that provides support for various smart card readers, cards and cryptographic tokens (like PKCS#15 standard, cryptographic tokens, and various common smart cards). It includes libraries that enable the tools to access smart cards and readers, and it also features applications for dealing with cryptographic tokens. OpenSC is often used for adding support for smart card devices to applications such as Mozilla Firefox and Thunderbird, and VPN solutions.

OpenSC

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

Fedora is a popular open-source, Linux-based operating system.

Linux Fedora

Red Hat Enterprise Linux is a Linux distribution developed by Red Hat for the commercial market.

Linux Red Hat

Echo is a secure, minimal Linux OS built vulnerability-free. It is fully compatible across environments and continuously patched - making it a clean, dependable base layer for modern applications. Echo is used by organizations focused on security and reliability, including those with compliance or FIPS requirements.

Echo

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-21010	HIGH	7.8	NixOS	android	No	No	Apr 13, 2026
CVE-2026-21012	MEDIUM	6.8	NixOS	android	No	No	Apr 13, 2026
CVE-2026-21011	MEDIUM	5.4	NixOS	android	No	No	Apr 13, 2026
CVE-2026-21008	MEDIUM	5.1	NixOS	android	No	No	Apr 13, 2026
CVE-2026-21007	MEDIUM	4.4	NixOS	android	No	No	Apr 13, 2026

CVE-2025-66037:
NixOS vulnerability analysis and mitigation

6.8

Related NixOS vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2025-66037: NixOS vulnerability analysis and mitigation