PT-2026-26055 · Canonical · Juju
Harry Pidcock · Published 2026-03-18 · Updated 2026-03-27
CVE-2026-32691
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Juju versions 3.0.0 through 3.6.18
Description
A race condition exists in the secrets management subsystem. An authenticated unit agent can claim ownership of a newly initialized secret between the generation of a Juju Secret ID and the creation of the secret's first revision. This allows an attacker, authenticated as another unit agent, to claim ownership of a known secret and read the content of the initial secret revision.
Recommendations
Update to version 3.6.19 or later.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Juju