CVE-2026-32692

Source
https://cve.org/CVERecord?id=CVE-2026-32692
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32692.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-32692
Aliases
Downstream
Related
Published
2026-03-18T12:35:29.274Z
Modified
2026-07-15T01:49:12.945411496Z
Severity
  • 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L CVSS Calculator
Summary
Unauthorized update of out-of-scope Vault secrets
Details

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.

Database specific
{
    "cwe_ids": [
        "CWE-285"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32692.json",
    "cna_assigner": "canonical"
}
References

Affected packages

Git / github.com/juju/juju

Affected ranges

Type
GIT
Repo
https://github.com/juju/juju
Events
Database specific
{
    "cpe": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.1.6"
        },
        {
            "fixed": "3.6.19"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32692.json"