High severityNVD Advisory· Published Mar 18, 2026· Updated Mar 18, 2026
Unauthorized update of out-of-scope Vault secrets
CVE-2026-32692
Description
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/juju/jujuGo | >= 0.0.0-20230919230135-f6a66aa91eec, < 0.0.0-20260319091847-d06919eb03ec | 0.0.0-20260319091847-d06919eb03ec |
Affected products
3- ghsa-coords2 versions
>= 0.0.0-20230919230135-f6a66aa91eec, < 0.0.0-20260319091847-d06919eb03ec+ 1 more
- (no CPE)range: >= 0.0.0-20230919230135-f6a66aa91eec, < 0.0.0-20260319091847-d06919eb03ec
- (no CPE)range: < 0.0.20260326T203309-150000.1.155.2
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-89x7-5m5m-mcmmghsaADVISORY
- github.com/juju/juju/security/advisories/GHSA-89x7-5m5m-mcmmghsavendor-advisoryvdb-entryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-32692ghsaADVISORY
- github.com/juju/juju/commit/d06919eb03ec68156818bcc304b5fe1c39a8f9e9ghsaWEB
News mentions
0No linked articles in our index yet.