CVE-2026-32692
Received Received - Intake
Authorization Bypass in Juju Vault Backend Allows Secret Poisoning

Publication date: 2026-03-18

Last updated on: 2026-03-19

Assigner: Canonical Ltd.

Description
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-18
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-03-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32692
EUVD
EUVD-2026-12817
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
canonical juju From 3.1.6 (inc) to 3.6.19 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-32692 is a high-severity authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18.'}, {'type': 'paragraph', 'content': "This vulnerability allows an authenticated unit agent to perform unauthorized updates to secret revisions within the Vault secret back-end used by the unit's model."}, {'type': 'paragraph', 'content': 'With sufficient information, an attacker can poison any existing secret revision, compromising the integrity of stored secrets.'}, {'type': 'paragraph', 'content': 'The root cause is improper authorization checks (CWE-285), where the product fails to correctly verify permissions when an actor attempts to update secret revisions.'}, {'type': 'paragraph', 'content': 'The issue is exploitable over the network with low attack complexity, requiring low privileges and no user interaction.'}] [1]

Impact Analysis

This vulnerability can impact you by allowing an attacker with low privileges to perform unauthorized updates to secret revisions stored in the Vault secret back-end.

Such unauthorized updates can poison existing secrets, compromising their integrity.

This can lead to potential misuse or manipulation of sensitive information that relies on these secrets.

The confidentiality impact is low, but the integrity impact is high, meaning the attacker can alter secrets but may not fully expose them.

Availability impact is low, so system availability is less likely to be affected.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Juju to version 3.6.19 or later, where the issue has been fixed by enforcing proper authorization checks.

This update prevents unauthorized updates to secret revisions by authenticated unit agents, thereby protecting the integrity of stored secrets.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32692. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart