Skip to main content

Juju CVE-2026-32692

| EUVDEUVD-2026-12817 HIGH
Improper Authorization (CWE-285)
2026-03-18 canonical GHSA-89x7-5m5m-mcmm
7.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.6 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
Low

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 13:15 euvd
EUVD-2026-12817
Analysis Generated
Mar 18, 2026 - 13:15 vuln.today
CVE Published
Mar 18, 2026 - 12:35 nvd
HIGH 7.6

DescriptionCVE.org

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.

AnalysisAI

An authorization bypass vulnerability exists in the Vault secrets back-end implementation of Canonical's Juju orchestration tool, allowing authenticated unit agents to perform unauthorized updates to secret revisions beyond their intended scope. Juju versions 3.1.6 through 3.6.18 are affected, and attackers with sufficient information can poison any existing secret revision within the Vault secret back-end scope. With a CVSS score of 7.6 (High severity) featuring network attack vector, low complexity, and high integrity impact, this represents a significant security concern for Juju deployments using Vault as their secrets back-end, though no active exploitation (KEV) status or EPSS score was provided in available data.

Technical ContextAI

Juju is Canonical's application modeling and orchestration tool used for deploying and managing applications across cloud environments. The vulnerability resides in the Vault secrets back-end implementation, where unit agents (authenticated components that manage application units) interact with HashiCorp Vault for secrets management. The affected product is identified via CPE as cpe:2.3:a:canonical:juju spanning versions 3.1.6 through 3.6.18. The root cause is classified as CWE-285 (Improper Authorization), indicating that the system fails to properly verify whether a unit agent has the appropriate permissions to modify secret revisions, allowing privilege escalation within the secrets management layer. This is particularly concerning as Vault integration is typically used to centralize and secure sensitive credentials across distributed application deployments.

RemediationAI

Organizations should upgrade Juju to version 3.6.19 or later, or apply patches available from Canonical as detailed in the GitHub security advisory at https://github.com/juju/juju/security/advisories/GHSA-89x7-5m5m-mcmm. Until patching is completed, organizations should implement additional access controls and monitoring around unit agent authentication, review and audit Vault secret access patterns for anomalous modification attempts, and consider temporarily isolating or restricting network access to Juju controllers managing sensitive Vault-backed secrets. Organizations not using the Vault secrets back-end are not affected by this specific vulnerability. After upgrading, review all secret revisions for potential poisoning and rotate any secrets that may have been exposed to untrusted unit agents during the vulnerable period.

More in Juju

View all
CVE-2017-9232 CRITICAL POC
9.8 May 28

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate pe

CVE-2025-0928 HIGH POC
8.8 Jul 08

In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent bina

CVE-2025-53513 HIGH POC
8.8 Jul 08

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on t

CVE-2024-7558 HIGH POC
8.0 Oct 02

JUJU_CONTEXT_ID is a predictable authentication secret. Rated high severity (CVSS 8.0), this vulnerability is low attack

CVE-2025-53512 MEDIUM POC
6.5 Jul 08

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access deb

CVE-2026-4370 CRITICAL
10.0 Apr 01

Unauthenticated remote database cluster compromise in Canonical Juju (versions 3.2.0-3.6.19 and 4.0-4.0.4) allows comple

CVE-2026-5412 CRITICAL
9.9 Apr 10

Authorization bypass in Canonical Juju Controller facade allows authenticated users to extract bootstrap cloud credentia

CVE-2026-32693 HIGH
8.8 Mar 18

An authorization bypass vulnerability in Canonical's Juju versions 3.0.0 through 3.6.18 allows authenticated users with

CVE-2024-6984 LOW POC
3.8 Jul 29

An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged

CVE-2025-68153 HIGH
7.1 Apr 03

Unauthorized resource modification in Juju application orchestration engine allows any authenticated controller user to

CVE-2025-68152 MEDIUM
6.9 Apr 03

Juju application orchestration engine versions 2.9 to 2.9.55 and 3.6 to 3.6.18 allow a compromised workload machine to r

CVE-2026-32694 MEDIUM
6.6 Mar 18

A predictable secret identifier (XID) vulnerability in Juju versions 3.0.0 through 3.6.18 allows a malicious grantee to

Vendor StatusVendor

Debian

juju
Release Status Fixed Version Urgency
(unstable) fixed (unfixed) -

SUSE

Severity: High
Product Status
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6 Fixed
openSUSE Leap 15.5 Fixed

Share

CVE-2026-32692 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy