CVE-2026-32692
Published: 18 March 2026
Summary
CVE-2026-32692 is a high-severity Improper Authorization (CWE-285) vulnerability in Canonical Juju. Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 10.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations to prevent authenticated unit agents from bypassing controls and performing unauthorized updates to secret revisions in the Vault back-end.
Applies least privilege to unit agents, limiting their ability to access and modify secret revisions beyond necessary functions despite the authorization bypass.
Requires timely identification, reporting, and correction of the specific authorization bypass flaw in Juju versions 3.1.6 through 3.6.18, directly mitigating the vulnerability through patching.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Authorization bypass (CWE-285) in secrets backend directly enables privilege escalation to perform unauthorized actions and facilitates stored data manipulation via secret revision poisoning.
NVD Description
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within…
more
the scope of that Vault secret back-end.
Deeper analysisAI
CVE-2026-32692 is an authorization bypass vulnerability (CWE-285) in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18. Published on 2026-03-18, it enables an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end. The vulnerability has a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L).
An authenticated unit agent can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Successful exploitation allows the attacker to update and poison secret revisions, compromising the integrity of secrets managed by the Vault back-end in the affected Juju deployment.
Mitigation guidance is available in the GitHub Security Advisory at https://github.com/juju/juju/security/advisories/GHSA-89x7-5m5m-mcmm.
Details
- CWE(s)