Skip to main content

Juju CVE-2026-32693

| EUVD-2026-12819 HIGH
Incorrect Authorization (CWE-863)
2026-03-18 canonical GHSA-439w-v2p7-pggc
Authentication Bypass Debian Juju Suse
8.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 13:15 euvd
EUVD-2026-12819
Analysis Generated
Mar 18, 2026 - 13:15 vuln.today
CVE Published
Mar 18, 2026 - 12:47 nvd
HIGH 8.8

DescriptionNVD

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret is still updated contrary to expectations, and the new value is visible to both the owner and the grantee.

AnalysisAI

An authorization bypass vulnerability in Canonical's Juju versions 3.0.0 through 3.6.18 allows authenticated users with grantee privileges to incorrectly update secret content beyond their intended permissions, potentially accessing or modifying other secrets. The vulnerability (CWE-863: Incorrect Authorization) has a CVSS score of 8.8, indicating high severity with network-based exploitation requiring low attack complexity and low privileges. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Audit Juju deployments to identify all systems running versions 3.0.0-3.6.18 and inventory secret data currently protected by grantee permissions; immediately restrict access to Juju administrative interfaces and review recent secret modification logs for anomalies. Within 7 days: Implement network segmentation to limit Juju API access to essential personnel only; conduct forensic analysis of secret update logs to detect unauthorized modifications; disable secret-sharing features if operationally feasible. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-9256 HIGH
8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
CVE-2026-47269 HIGH
7.4 May 27

Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH
CVE-2026-47271 MEDIUM
5.1 May 27

pam_usb prior to 0.9.0 crashes under memory pressure due to assert()-based OOM guards in src/mem.c that are silently str
CVE-2026-45898
May 27

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removin
CVE-2026-45924
May 27

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call ksmbd_vfs_kern_path_end_removing() on s

Vendor StatusVendor

Debian

juju
Release Status Fixed Version Urgency
(unstable) fixed (unfixed) -

Share

CVE-2026-32693 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy