cbcvebase.
CVE-2026-32692
published 2026-03-18

CVE-2026-32692: An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to…

PriorityP338medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
EPSS
0.17%
6.2th percentile
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.

Affected

2 ranges
VendorProductVersion rangeFixed in
canonicaljuju>= 3.1.6 < 3.6.193.6.19
github.comjuju_juju>= 0.0.0-20230919230135-f6a66aa91eec < 0.0.0-20260319091847-d06919eb03ec0.0.0-20260319091847-d06919eb03ec
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.