CVE-2026-32691

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit agent can claim ownership of a known secret. This leads to the attacking unit being able to read the content of the initial secret revision.

Vulnerability Details

Published Date

March 18, 2026

Last Modified

March 19, 2026

CWE ID

CWE-708

Source

NVD

Vendor

Canonical

Product

Juju

External References

https://github.com/juju/juju/security/advisories/GHSA-gfgr-6hrj-85ww

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment