CVE-2026-32692
Published 2026-03-18
CVE-2026-32692: An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to…
Priority: P3 · 38 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.17% (6.2th percentile)
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | juju | >= 3.1.6 < 3.6.19 | 3.6.19 |
| github.com | juju_juju | >= 0.0.0-20230919230135-f6a66aa91eec < 0.0.0-20260319091847-d06919eb03ec | 0.0.0-20260319091847-d06919eb03ec |
OSV
Juju has unauthorized update of out-of-scope Vault secrets in github.com/juju/juju
osv·2026-03-23
OSV
Juju has unauthorized update of out-of-scope Vault secrets
osv·2026-03-19
CVE-2026-32692 [HIGH] Juju has unauthorized update of out-of-scope Vault secrets
### Impact
An authenticated unit agent can update any secret revision of a Vault back-end
that the unit's model uses. With sufficient information, an attacker can poison
any existing secret revision within the scope of that Vault secret back-end.
### Patches
3.6.19
GHSA
Juju has unauthorized update of out-of-scope Vault secrets
ghsa·2026-03-19
CVE-2026-32692 [HIGH] CWE-285 Juju has unauthorized update of out-of-scope Vault secrets
No detection rules found.
No public exploits indexed.
Published: 2026-03-18