CVE-2026-32692

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-32692

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32692.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-32692

Aliases

Downstream

SUSE-SU-2026:1135-1

Related

SUSE-SU-2026:1135-1

Published

2026-03-18T13:16:18.710Z

Modified

2026-04-10T05:42:25.263117Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.

References

https://github.com/juju/juju/security/advisories/GHSA-89x7-5m5m-mcmm

Affected packages

Git / github.com/juju/juju

Affected ranges

Type

GIT

Repo

https://github.com/juju/juju

Events

Introduced

f6a66aa91eec620f5ac04a19d8c06bef03ae6228

Fixed

5a261e58fcd3bd366b36229bfd1c46e6b3b61402

Database specific

{
    "versions": [
        {
            "introduced": "3.1.6"
        },
        {
            "fixed": "3.6.19"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32692.json"