Description
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.
Published: 2026-03-18
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized privileged update to Vault secrets
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an authorization bypass in the Vault secrets back-end of Juju. An authenticated unit agent can update secret revisions that it is not permitted to modify. This can lead to poisoning of any existing secret revision within the affected Vault secret back-end, compromising data integrity and potentially enabling misconfigurations or denial of service. The weakness is classified as CWE‑285 (Authorization Bypass Through Privileged Credential).

Affected Systems

Affected products are Canonical Juju, versions 3.1.6 through 3.6.18. Only these releases are impacted, as newer releases contain the fix.

Risk and Exploitability

The CVSS score is 7.6, indicating high severity, but the EPSS score is below 1% suggesting a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires that an attacker has an authenticated unit agent in the Juju environment; once achieved, the attacker can modify secrets within that back-end, potentially undermining infrastructure security. The likely attack vector is an authenticated internal or remote agent attack, inferred from the need for a unit agent.

Generated by OpenCVE AI on March 19, 2026 at 16:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Juju to version 3.6.19 or newer.

Generated by OpenCVE AI on March 19, 2026 at 16:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-89x7-5m5m-mcmm Juju has unauthorized update of out-of-scope Vault secrets
History

Thu, 19 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*

Thu, 19 Mar 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Canonical
Canonical juju
Vendors & Products Canonical
Canonical juju

Wed, 18 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.
Title Unauthorized update of out-of-scope Vault secrets
Weaknesses CWE-285
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L'}

Subscriptions

Canonical Juju
cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-03-18T13:42:54.697Z

Reserved: 2026-03-13T12:53:34.544Z

Link: CVE-2026-32692

cve-icon Vulnrichment

Updated: 2026-03-18T13:42:50.071Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-18T13:16:18.710

Modified: 2026-03-19T15:23:26.870

Link: CVE-2026-32692

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:58:49Z

Weaknesses