CVE-2026-32692

CWE-285 | 6 documents | 5 sources
Severity: 6.5 MEDIUM
EPSS: 0.0% (top 91.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 18 | Latest update Mar 23

Description

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Exploitability: 2.8 | Impact: 4.7

Affected Packages (3 packages)

CVEListV5 | canonical/juju | 3.1.6 | 3.6.19
NVD | canonical/juju | 3.1.6 | 3.6.19
Go | github.com/juju/juju | 0.0.0-20230919230135-f6a66aa91eec | 0.0.0-20260319091847-d06919eb03ec

🔴 Vulnerability Details (4)

OSV | Juju has unauthorized update of out-of-scope Vault secrets in github.com/juju/juju | 2026-03-23
OSV | Juju has unauthorized update of out-of-scope Vault secrets | 2026-03-19
GHSA | Juju has unauthorized update of out-of-scope Vault secrets | 2026-03-19
CVEList | Unauthorized update of out-of-scope Vault secrets | 2026-03-18

🕵️ Threat Intelligence (1)

Wiz | CVE-2026-32692 Impact, Exploitability, and Mitigation Steps