CVE-2026-32693

CVSS v3.1

8.8

High

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret is still updated contrary to expectations, and the new value is visible to both the owner and the grantee.

Fix

Incorrect Authorization

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-778CWE-284

Related Identifiers

CVE-2026-32693

Affected Products

Juju

CVE-2026-32693

Weakness Enumeration

Related Identifiers

Affected Products

References · 2