CVE Catalog

CVE-2026-44592

Critical
Published: Translated: NVD NIST

Summary

Gradient is a nix-based continuous integration system. In version 1.1.0, when GRADIENT_DISCOVERABLE=true, anyone who can reach /proto can register as a worker without any credentials, leading to unauthorized access to jobs from every organization.

Risk Assessment

The organization is at risk of unauthorized access to data and tasks, which can lead to serious security breaches and loss of confidentiality.

Recommendation

It is recommended to upgrade to version 1.1.1 to mitigate this vulnerability and restrict access to the /proto endpoint.

Original NVD description (English source)

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT_DISCOVERABLE=true (the default, and the NixOS module default), anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has PeerAuth::Open, i.e. it sees jobs from every organisation, and can immediately NarPush/NarUploaded arbitrary store paths into nar_storage and the cached_path table. This vulnerability is fixed in 1.1.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS