CVE-2026-32692

EUVD-2026-12817
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.6 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 9.94%
Affected Products (NVD)
VendorProductVersion
canonicaljuju
3.1.6 ≤
𝑥
< 3.6.19
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
juju
jammy
dne
noble
dne
questing
dne
resolute
dne
Common Weakness Enumeration
References
https://github.com/juju/juju/security/advisories/GHSA-89x7-5m5m-mcmm