Skip to main content
A Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. Six years running.Find Out Why
  • Experiencing a breach?
  • Blog
  • Careers

  • Platform & Products

    • Singularity™ Platform

      Unified Enterprise Security. Machine-Speed Protection, Intelligence, and Response.

    • XDR

      Native and Open Protection, Detection, and Response.

    • Integrations and Partners

      One-Click Integrations to Unlock the Power of SentinelOne.

    Product Tours
    Pricing & Packages
    Get a Demo

  • Solutions & Use Cases

    SentinelOne for Industries

    Security Tuned for Your Industry.

    See All Industries
    • Healthcare

      Protect Patient Data. Keep Clinical Systems Online.

    • Financial Services

      Stop Fraud and Ransomware. Stay Audit-Ready.

    • Federal Government

      FedRAMP and IL5-Ready Defense for Federal Missions.

    • Manufacturing

      Defend OT, IT, IIOT, and Supply Chains at Scale.

    • Energy

      Secure OT Systems and Critical Infrastructure.

    • Transportation and Logistics

      Defend Operations Across Fleet, Port, and Rail.

    • Higher Education

      Protect Open Networks Without Slowing Research.

    • K-12 Education

      Stop Ransomware. Protect Students, Staff, and Data.

    • Retail and Hospitality

      Defend Your Brand, Customer Data, and Bottom Line.

    • SMB & Startups

      Enterprise-Grade Defense for Fast Teams.

    See all solutions

  • Services

    Managed Services

    Wayfinder Threat Detection and Response.

    Learn More
    • Threat Hunting

      World-Class Expertise and Threat Intelligence.

    • Managed Detection and Response

      24/7 Expert MDR Across Your Entire Environment.

    • Incident Readiness and Response

      DFIR, Breach Readiness, and Compromise Assessments.

    Experiencing a breach?

    Our experts are here to help 24/7.

    1-855-868-3733
    Get Help Now

  • Partners

    Become a Partner

    • Become a SentinelOne Partner

      Join the Global SentinelOne Ecosystem

    • Explore MSSP Solutions

      Services Succeed Faster with SentinelOne

    • Form a Technology Alliance

      Integrated, Enterprise-Scale Solutions

    Find a Partner

    • Enlist a Response or Advisory Team

      Enlist Pro Response and Advisory Teams

    • SentinelOne for AWS

      Hosted Across AWS Regions Worldwide

    • SentinelOne for Google

      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale

    • Partner Locator

      Your Go-to Source for Our Top Partners in Your Region

    • Singularity Marketplace

      One-Click Integrations for Unified Prevention, Detection, and Response

      Explore integrations
    Partner Portal Login

  • Why SentinelOne

    • Why Choose SentinelOne

      AI-Powered Cybersecurity Built to Secure What’s Next.

    • Our Customers

      Trusted by the World’s Leading Companies.

    • Industry Awards & Recognition

      Tested and Proven by the Experts.

  • Resources & Support

    Resources

    • Resource Center
    • Webinars
    • Cybersecurity Blog
    • Events
    • Newsroom

    Company

    • About SentinelOne
    • Careers
    • S Ventures
    • S Foundation
    • Dataset
    • FAQ
    • Investors Relations

    Customer Success & Support

    • Live and On-Demand Training
    • Guided Onboarding & Deployment
    • Technical Account Management
    • Support Services
    • Customer Portal
    • Get Support Now

    Explore

    • Vulnerability Database
    • SentinelLABS Threat Research
    • Ransomeware Anthology
    • Cybersecurity 101
    EventJoin us at OneCon (Oct. 20–22, 2026)
    CompetitionThreat Hunting World Championship 2026
    ReportThe SentinelOne Annual Threat Report
  • Pricing
Get StartedContact us

Explore SentinelOne

  • Pricing
Events
Get StartedContact us
CVE Vulnerability Database
Vulnerability Database/CVE-2026-32693

CVE-2026-32693: Canonical Juju Auth Bypass Vulnerability

CVE-2026-32693 is an authorization bypass flaw in Canonical Juju versions 3.0.0 through 3.6.18 that allows unauthorized secret content updates. This article covers technical details, affected versions, and mitigation.

Published: March 20, 2026

CVE-2026-32693 Overview

CVE-2026-32693 is an authorization bypass vulnerability in Canonical Juju affecting versions 3.0.0 through 3.6.18. The vulnerability exists in the secret-set tool where authorization checks are not performed correctly, allowing a grantee to update secret content beyond their intended permissions. This flaw can lead to unauthorized reading or updating of other secrets within the Juju environment. Notably, when the secret-set tool logs an error during an exploitation attempt, the secret is still updated contrary to expected behavior, making the new value visible to both the owner and the grantee.

Critical Impact

Attackers with low-level privileges can exploit improper authorization in the secret-set tool to read and modify secrets they should not have access to, potentially compromising sensitive credentials and configuration data across the Juju deployment.

Affected Products

  • Canonical Juju versions 3.0.0 through 3.6.18

Discovery Timeline

  • 2026-03-18 - CVE-2026-32693 published to NVD
  • 2026-03-19 - Last updated in NVD database

Technical Details for CVE-2026-32693

Vulnerability Analysis

This vulnerability is classified under CWE-284 (Improper Access Control), indicating a fundamental flaw in how the Juju application enforces authorization boundaries. The core issue lies in the secret-set tool's failure to properly validate whether a user has the appropriate permissions before allowing modifications to secret content.

The authorization bypass is particularly concerning because it enables lateral movement within Juju's secrets management system. A grantee with legitimate but limited access to certain secrets can exploit this flaw to access and modify secrets belonging to other users or applications. The vulnerability has a network-based attack vector requiring only low privileges and no user interaction, making it relatively easy to exploit once an attacker has any level of authenticated access to the Juju environment.

Root Cause

The root cause of this vulnerability stems from incorrect authorization logic in the secret-set tool. When a grantee attempts to update a secret, the authorization check fails to properly validate the scope of their permissions. Additionally, there is a logic error where secret updates are committed even when the tool logs an authorization error, suggesting a failure in the error handling flow that allows the operation to proceed despite detecting the unauthorized access attempt.

Attack Vector

An attacker who has been granted access to any secret in the Juju environment can exploit this vulnerability remotely over the network. The exploitation requires low privileges (authenticated access as a grantee), does not need user interaction, and can result in unauthorized access to confidential secret data across the deployment. The attacker can leverage the flawed authorization in secret-set to enumerate and modify secrets beyond their authorized scope.

The vulnerability allows both confidentiality and integrity impacts, as attackers can read secrets they shouldn't have access to and modify secret values that could affect other applications relying on those secrets.

Detection Methods for CVE-2026-32693

Indicators of Compromise

  • Unexpected modifications to secrets by users who should only have read access
  • Authorization error logs from the secret-set tool paired with successful secret updates
  • Secret access patterns showing grantees accessing secrets outside their normal scope

Detection Strategies

  • Monitor Juju audit logs for secret-set operations that generate authorization errors followed by successful secret modifications
  • Implement alerting on any secret updates performed by grantees rather than secret owners
  • Review access control configurations for secrets to identify overly permissive grants

Monitoring Recommendations

  • Enable detailed logging for all secrets management operations in Juju
  • Configure alerts for anomalous secret access patterns, particularly cross-scope access attempts
  • Regularly audit the relationship between grantees and the secrets they are accessing

How to Mitigate CVE-2026-32693

Immediate Actions Required

  • Upgrade Canonical Juju to a patched version beyond 3.6.18
  • Review and audit all existing secret grants to identify potentially compromised secrets
  • Rotate any sensitive secrets that may have been accessed by unauthorized grantees
  • Limit secret grants to only essential personnel until the patch is applied

Patch Information

Canonical has released security updates to address this vulnerability. Users should upgrade to a Juju version newer than 3.6.18. For detailed patch information and release notes, refer to the GitHub Security Advisory GHSA-439w-v2p7-pggc.

Workarounds

  • Temporarily revoke secret grants from non-essential grantees until patching is complete
  • Implement additional monitoring layers to detect unauthorized secret access
  • Consider isolating critical secrets in separate Juju models with restricted access
  • Apply network segmentation to limit exposure of the Juju controller
bash
# Review current secret grants in Juju
juju secrets --show-grants

# Revoke unnecessary grants as a temporary mitigation
juju grant-secret <secret-name> --revoke <grantee>

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeAuth Bypass
  • Vendor/TechCanonical Juju
  • SeverityHIGH
  • CVSS Score8.8
  • EPSS Probability0.05%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-284
  • Vendor Resources
  • GitHub Security Advisory
  • Related CVEs
  • CVE-2026-4370: Canonical Juju Auth Bypass Vulnerability
  • CVE-2026-32692: Canonical Juju Auth Bypass Vulnerability
  • CVE-2026-32691: Canonical Juju Race Condition Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.

Try SentinelOne
Get a DemoContact Us
  • Product Tours
  • Why SentinelOne
  • Pricing & Packages
  • FAQ
  • SentinelOne Status

Key Products & Solutions

  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Prompt Security
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Explore Solutions

Services

  • Wayfinder TDR
  • Managed Detection and Response
  • Threat Hunting
  • Incident Readiness
& Response
  • Technical Account Management
  • Guided Onboarding 
& Deployment
  • Support Services

Company

  • About Us
  • Our Customers
  • Careers
  • Partners
  • S1 Foundation
  • S1 Ventures
  • Legal Information
  • Security & Compliance
  • Investor Relations

Quick Links

  • Customer Portal
  • Partner Portal
  • Become a Partner
  • Resource Center
  • SentinelLABS Threat Research
  • Blog
  • Press Center
  • Cybersecurity 101
  • Events
  • Ransomware Anthology
©2026 SentinelOne, All Rights Reserved
Privacy NoticeTerms of Use
English
English