What is the CVSS score of EUVD-2026-12817?

EUVD-2026-12817 has a CVSS 3.1 base score of 7.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L. EPSS exploitation probability: 0.0%.

Which versions of Juju are affected by EUVD-2026-12817?

A high-severity authorization bypass vulnerability in Juju's Vault integration allows authenticated agents to illegally modify secrets, posing a critical risk to organizations managing infrastructure…. A patch is available.

Juju EUVD-2026-12817

| CVE-2026-32692 HIGH

Improper Authorization (CWE-285)

2026-03-18 canonical

GHSA-89x7-5m5m-mcmm

Authentication Bypass Debian Hashicorp Juju Suse

7.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

Low

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 18, 2026 - 13:15 euvd

EUVD-2026-12817

Analysis Generated

Mar 18, 2026 - 13:15 vuln.today

CVE Published

Mar 18, 2026 - 12:35 nvd

HIGH 7.6

DescriptionNVD

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.

AnalysisAI

An authorization bypass vulnerability exists in the Vault secrets back-end implementation of Canonical's Juju orchestration tool, allowing authenticated unit agents to perform unauthorized updates to secret revisions beyond their intended scope. Juju versions 3.1.6 through 3.6.18 are affected, and attackers with sufficient information can poison any existing secret revision within the Vault secret back-end scope. …

RemediationAI

Within 24 hours: Audit all Juju deployments to identify those using Vault as the secrets backend and document affected versions; notify relevant teams and escalate to infrastructure leadership. Within 7 days: Implement access controls to restrict unit agent permissions, disable Vault secret backend if not critical, and isolate affected Juju controller networks. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

CVE-2026-47269 HIGH This Week

7.4 May 27

Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH

CVE-2026-47271 MEDIUM This Month

5.1 May 27

pam_usb prior to 0.9.0 crashes under memory pressure due to assert()-based OOM guards in src/mem.c that are silently str

CVE-2026-8903 MEDIUM This Month

4.3 May 27

Cross-Site Request Forgery in the Two-factor Authentication (formerly IP Vault) WordPress plugin versions up to and incl

CVE-2026-9223 Monitor

4.3 May 22

Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged

Vendor StatusVendor

Debian

juju

Release	Status	Fixed Version	Urgency
(unstable)	fixed	(unfixed)	-

EUVD-2026-12817 vulnerability details – vuln.today

Back