CVE-2026-32693HIGH 8.8EPSS p21.7%

CVE-2026-32693CVE-2026-32693

Description

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret is still updated contrary to expectations, and the new value is visible to both the owner and the grantee.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.30% probability of exploitation · percentile 21.7% · 2026-06-19T12:03:05Z
Published2026-03-18
Last modified2026-03-19

Underlying weaknesses· 3

CWE-284CWE-778CWE-863

References

  1. https://github.com/juju/juju/security/advisories/GHSA-439w-v2p7-pggc

3

TypeTargetConfidenceTier
WeaknessImproper Access Controlcwe-2840%live
WeaknessInsufficient Loggingcwe-7780%live
WeaknessIncorrect Authorizationcwe-8630%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-4370
CVE
CVE-2025-0928
CVE
CVE-2026-32643
CVE
CVE-2026-27173
CVE
CVE-2025-25268
CVE
CVE-2026-3605
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.