diff --git a/pkgs/servers/nginx-sso/default.nix b/pkgs/servers/nginx-sso/default.nix
index 56aa8205c5d..1043ee519bc 100644
--- a/pkgs/servers/nginx-sso/default.nix
+++ b/pkgs/servers/nginx-sso/default.nix
@@ -6,18 +6,16 @@
 
 buildGoModule rec {
   pname = "nginx-sso";
-  version = "0.25.0";
+  version = "0.26.0";
 
   src = fetchFromGitHub {
     owner = "Luzifer";
     repo = "nginx-sso";
     rev = "v${version}";
-    sha256 = "sha256-uYl6J2auAkboPpT6lRZzI70bCU9LvxfCdCyHfLNIsHw=";
+    hash = "sha256-vtbomeezW8PMv2lCR6PJqYw+PCFJ3M1SAQPGaIWouXY=";
   };
 
-  vendorSha256 = null;
-
-  patches = [ ./rune.patch ];
+  vendorHash = "sha256-THTQhUgIfDDTgnR4qZxWFoGQzvqr3xrrz5ZxnV9ipBM=";
 
   postInstall = ''
     mkdir -p $out/share
diff --git a/pkgs/servers/nginx-sso/rune.patch b/pkgs/servers/nginx-sso/rune.patch
deleted file mode 100644
index 5e5480787de..00000000000
--- a/pkgs/servers/nginx-sso/rune.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git i/main.go w/main.go
-index bf80f3d..632f7d6 100644
---- i/main.go
-+++ w/main.go
-@@ -174,7 +174,7 @@ func handleAuthRequest(res http.ResponseWriter, r *http.Request) {
- 	case plugins.ErrNoValidUserFound:
- 		// No valid user found, check whether special anonymous "user" has access
- 		// Username is set to 0x0 character to prevent accidental whitelist-match
--		if mainCfg.ACL.HasAccess(string(0x0), nil, r) {
-+		if mainCfg.ACL.HasAccess(string(rune(0x0)), nil, r) {
- 			mainCfg.AuditLog.Log(auditEventValidate, r, map[string]string{"result": "anonymous access granted"}) // #nosec G104 - This is only logging
- 			res.WriteHeader(http.StatusOK)
- 			return