Security Vulnerability Report
CVE-2026-32692 CVSS 7.6 HIGH

Published: 2026-03-18 13:16:19
Last Modified: 2026-03-19 15:23:27

Description

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.

CVSS Details

CVSS Score: 7.6
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Configurations (Affected Products)

cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:* - VULNERABLE

References

https://github.com/juju/juju/security/advisories/GHSA-89x7-5m5m-mcmm (Vendor Advisory)

Raw JSON Data

{"cve": {"id": "CVE-2026-32692", "sourceIdentifier": "[email protected]", "published": "2026-03-18T13:16:18.710", "lastModified": "2026-03-19T15:23:26.870", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end."}, {"lang": "es", "value": "Una vulnerabilidad de omisión de autorización en la implementación del back-end de secretos de Vault de Juju versiones 3.1.6 a 3.6.18 permite a un agente de unidad autenticado realizar actualizaciones no autorizadas a las revisiones de secretos. Con información suficiente, un atacante puede envenenar cualquier revisión de secreto existente dentro del alcance de ese back-end de secretos de Vault."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "baseScore": 7.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 4.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-285"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1.6", "versionEndExcluding": "3.6.19", "matchCriteriaId": "63EF3985-5422-4DB4-BD88-0FC5CC2E3100"}]}]}], "references": [{"url": "https://github.com/juju/juju/security/advisories/GHSA-89x7-5m5m-mcmm", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}