Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-32692

7.6 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): HIGH
Availability impact (A): LOW

created 3 weeks, 6 days ago

Unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.

References

https://github.com/juju/juju/security/advisories/GHSA-89x7-5m5m-mcmm vdb-entryvendor-advisory

Affected products

juju

<3.6.19

Matching in nixpkgs

pkgs.juju

Open source modelling tool for operating software in the cloud

nixos-unstable 3.6.12
- nixpkgs-unstable 3.6.12
- nixos-unstable-small 3.6.12
nixos-25.11 3.6.11
- nixos-25.11-small 3.6.11
- nixpkgs-25.11-darwin 3.6.11

pkgs.jujutsu

Git-compatible DVCS that is both simple and powerful

nixos-unstable 0.39.0
- nixpkgs-unstable 0.39.0
- nixos-unstable-small 0.39.0
nixos-25.11 0.35.0
- nixos-25.11-small 0.35.0
- nixpkgs-25.11-darwin 0.35.0

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

nixos-unstable 0.2
- nixpkgs-unstable 0.2
- nixos-unstable-small 0.2
nixos-25.11 0.2
- nixos-25.11-small 0.2
- nixpkgs-25.11-darwin 0.2

Package maintainers

@RealityAnomaly Alex Zero <alex@arctarus.co.uk>
@0x4A6F Joachim Ernst <mail-maintainer@0x4A6F.dev>
@thoughtpolice Austin Seipp <aseipp@pobox.com>
@emilazy Emily <nixpkgs@emily.moe>
@bbigras Bruno Bigras <bigras.bruno@gmail.com>