Description

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.

PUBLISHED Reserved 2026-03-13 | Published 2026-03-18 | Updated 2026-03-18 | Assigner canonical




HIGH: 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Problem types

CWE-285 Improper Authorization

Product status

Default status: unaffected

3.1.6 (semver) before 3.6.19: affected

Credits

Harry Pidcock (finder)

References

github.com/juju/juju/security/advisories/GHSA-89x7-5m5m-mcmm vendor-advisory vdb-entry

cve.org (CVE-2026-32692)

nvd.nist.gov (CVE-2026-32692)
