CVE-2026-32692

CVSS v3.1

7.6

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions Juju versions 3.1.6 through 3.6.18

Description An authorization bypass exists in the Vault secrets back-end implementation. An authenticated unit agent can perform unauthorized updates to secret revisions. An attacker, with sufficient information, can potentially compromise existing secret revisions within the scope of the affected Vault secret back-end.

Recommendations Update Juju to version 3.6.19 or later.

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

CVE-2026-32692

GHSA-89X7-5M5M-MCMM

GO-2026-4781

SUSE-SU-2026:1135-1

Affected Products

Juju

CVE-2026-32692

Weakness Enumeration

Related Identifiers

Affected Products

References · 148