CVE-2026-32694 - Vulnerability Analysis
MediumCVSS: 6.6Last Updated: March 19, 2026
Juju - Broken Access Control
Published: March 18, 2026Updated: March 19, 2026PoC AvailableRemote Exploitable
Overview
Juju 3.0.0 through 3.6.18 contains a broken access control caused by predictable secret XID verification, letting malicious grantees access past secrets granted to other grantees, exploit requires specific configuration and multiple applications including attacker-controlled one.
Severity & Score
Severity: Medium
CVSS Score: 6.6
Impact
Malicious grantees can access resources granted by past secrets of other grantees, leading to unauthorized resource use.
Mitigation
Update to a version later than 3.6.18 or the latest available version.
Related Resources
Details
- CVE ID
- CVE-2026-32694
- Severity
- Medium
- CVSS Score
- 6.6
- Type
- broken_access_control
- Status
- confirmed
CWE
- CWE-343
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H