CVE-2026-32694 in Jujuinfo

Zusammenfassung

von MITRE • 18.03.2026

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the same secret owner to different grantees, allowing them to use the resources granted by those past secrets. Successful exploitation relies on a very specific configuration, specific data semantic, and the administrator having the need to deploy at least two different applications, one of them controlled by the attacker.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Canonical

Reservieren

13.03.2026

Veröffentlichung

18.03.2026

Moderieren

akzeptiert

Eintrag

VDB-351529

CPE

bereit

CWE

CWE-343 (bestätigt)

CVSS

6.6 (CNA)

EPSS

0.00060

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-32694
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-32694
CVE Details	https://www.cvedetails.com/cve/CVE-2026-32694/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!