CVE-2026-32692
Authorization Bypass in Juju Vault Backend Allows Secret Poisoning
Publication date: 2026-03-18
Last updated on: 2026-03-19
Assigner: Canonical Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canonical | juju | From 3.1.6 (inc) to 3.6.19 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-32692 is a high-severity authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18.'}, {'type': 'paragraph', 'content': "This vulnerability allows an authenticated unit agent to perform unauthorized updates to secret revisions within the Vault secret back-end used by the unit's model."}, {'type': 'paragraph', 'content': 'With sufficient information, an attacker can poison any existing secret revision, compromising the integrity of stored secrets.'}, {'type': 'paragraph', 'content': 'The root cause is improper authorization checks (CWE-285), where the product fails to correctly verify permissions when an actor attempts to update secret revisions.'}, {'type': 'paragraph', 'content': 'The issue is exploitable over the network with low attack complexity, requiring low privileges and no user interaction.'}] [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker with low privileges to perform unauthorized updates to secret revisions stored in the Vault secret back-end.
Such unauthorized updates can poison existing secrets, compromising their integrity.
This can lead to potential misuse or manipulation of sensitive information that relies on these secrets.
The confidentiality impact is low, but the integrity impact is high, meaning the attacker can alter secrets but may not fully expose them.
Availability impact is low, so system availability is less likely to be affected.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Juju to version 3.6.19 or later, where the issue has been fixed by enforcing proper authorization checks.
This update prevents unauthorized updates to secret revisions by authenticated unit agents, thereby protecting the integrity of stored secrets.