CVE-2026-32693 Overview
CVE-2026-32693 is an authorization bypass vulnerability in Canonical Juju affecting versions 3.0.0 through 3.6.18. The vulnerability exists in the secret-set tool where authorization checks are not performed correctly, allowing a grantee to update secret content beyond their intended permissions. This flaw can lead to unauthorized reading or updating of other secrets within the Juju environment. Notably, when the secret-set tool logs an error during an exploitation attempt, the secret is still updated contrary to expected behavior, making the new value visible to both the owner and the grantee.
Critical Impact
Attackers with low-level privileges can exploit improper authorization in the secret-set tool to read and modify secrets they should not have access to, potentially compromising sensitive credentials and configuration data across the Juju deployment.
Affected Products
- Canonical Juju versions 3.0.0 through 3.6.18
Discovery Timeline
- 2026-03-18 - CVE-2026-32693 published to NVD
- 2026-03-19 - Last updated in NVD database
Technical Details for CVE-2026-32693
Vulnerability Analysis
This vulnerability is classified under CWE-284 (Improper Access Control), indicating a fundamental flaw in how the Juju application enforces authorization boundaries. The core issue lies in the secret-set tool's failure to properly validate whether a user has the appropriate permissions before allowing modifications to secret content.
The authorization bypass is particularly concerning because it enables lateral movement within Juju's secrets management system. A grantee with legitimate but limited access to certain secrets can exploit this flaw to access and modify secrets belonging to other users or applications. The vulnerability has a network-based attack vector requiring only low privileges and no user interaction, making it relatively easy to exploit once an attacker has any level of authenticated access to the Juju environment.
Root Cause
The root cause of this vulnerability stems from incorrect authorization logic in the secret-set tool. When a grantee attempts to update a secret, the authorization check fails to properly validate the scope of their permissions. Additionally, there is a logic error where secret updates are committed even when the tool logs an authorization error, suggesting a failure in the error handling flow that allows the operation to proceed despite detecting the unauthorized access attempt.
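The fail-open pattern described above, modelled as an added illustration that is not Juju's code: a toy secret store in which a grantee with view-only access calls a setter. The vulnerable variant detects the violation, logs it, and commits the update anyway; the hardened variant refuses before touching state. Names such as `SecretStore`, `set_content_vulnerable` and the application names are assumptions made for this example.

```python
"""Hypothetical model of the error-handling flaw described for CVE-2026-32693.

Added illustration, not Juju's code: a minimal secret store where only the
owner may change content. The vulnerable setter logs an authorization error
but still writes; the fixed setter raises and leaves the value untouched.
"""
import logging

log = logging.getLogger("secret-set")


class SecretStore:
    def __init__(self):
        # name -> {"owner": app, "grants": {app: role}, "content": {...}}
        self.secrets = {}

    def create(self, name, owner, content):
        self.secrets[name] = {"owner": owner, "grants": {}, "content": dict(content)}

    def grant(self, name, app, role="view"):
        self.secrets[name]["grants"][app] = role

    def _can_update(self, name, caller):
        # Only the owner may change content; a grant never confers update rights.
        return caller == self.secrets[name]["owner"]

    def set_content_vulnerable(self, name, caller, content):
        """Fail-open: the violation is detected and logged, then committed anyway."""
        if not self._can_update(name, caller):
            log.error("%s is not permitted to update secret %s", caller, name)
            # Missing 'raise' (or 'return'): execution falls through to the write.
        self.secrets[name]["content"] = dict(content)
        return True

    def set_content_fixed(self, name, caller, content):
        """Fail-closed: refuse before any state is modified."""
        if not self._can_update(name, caller):
            raise PermissionError(f"{caller} may not update secret {name}")
        self.secrets[name]["content"] = dict(content)
        return True

    def get_content(self, name):
        return dict(self.secrets[name]["content"])


def demo(use_fixed):
    """Grantee 'webapp' tries to overwrite a secret owned by 'postgresql';
    returns the stored password afterwards (constructed names and values)."""
    store = SecretStore()
    store.create("db-password", owner="postgresql", content={"password": "orig"})
    store.grant("db-password", "webapp", role="view")
    try:
        if use_fixed:
            store.set_content_fixed("db-password", "webapp", {"password": "tampered"})
        else:
            store.set_content_vulnerable("db-password", "webapp", {"password": "tampered"})
    except PermissionError:
        pass
    return store.get_content("db-password")["password"]


if __name__ == "__main__":
    print("vulnerable store now holds:", demo(use_fixed=False))
    print("fixed store still holds:   ", demo(use_fixed=True))
```

The point of the model is the ordering: in the hardened setter the authorization decision is the first statement and every failure path leaves the function before the write, so a logged error can never coexist with a committed update.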
Attack Vector
An attacker who has been granted access to any secret in the Juju environment can exploit this vulnerability remotely over the network. The exploitation requires low privileges (authenticated access as a grantee), does not need user interaction, and can result in unauthorized access to confidential secret data across the deployment. The attacker can leverage the flawed authorization in secret-set to read and modify secrets beyond their authorized scope.
The vulnerability allows both confidentiality and integrity impacts, as attackers can read secrets they shouldn't have access to and modify secret values that could affect other applications relying on those secrets.
Detection Methods for CVE-2026-32693
Indicators of Compromise
- Unexpected modifications to secrets by users who should only have read access
- Authorization error logs from the secret-set tool paired with successful secret updates
- Secret access patterns showing grantees accessing secrets outside their normal scope
Detection Strategies
- Monitor Juju audit logs for secret-set operations that generate authorization errors followed by successful secret modifications
- Implement alerting on any secret updates performed by grantees rather than secret owners
- Review access control configurations for secrets to identify overly permissive grants
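The first two detection strategies, implemented over constructed log lines as an added example (not part of the advisory and not a Juju tool). The log line format, the `OWNERS` map and the unit names are assumptions; the patterns would need to be tuned to the agent log output of a real deployment, and the owner map derived from the model's actual secret configuration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines. The message format is an assumption made for
# this example, not the verbatim format of Juju agent logs.
SAMPLE_LOG = """\
2026-03-20 10:00:01 ERROR juju.worker.uniter.context secret-set: unit webapp/0 not permitted to update secret db-password
2026-03-20 10:00:02 INFO juju.secrets secret db-password updated by webapp/0 (revision 3)
2026-03-20 10:05:00 INFO juju.secrets secret db-password updated by postgresql/0 (revision 4)
2026-03-20 10:07:30 INFO juju.secrets secret api-token updated by webapp/0 (revision 2)
2026-03-20 11:00:00 ERROR juju.worker.uniter.context secret-set: unit webapp/1 not permitted to update secret tls-key
"""

TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
AUTH_ERR = re.compile(
    TS + r" ERROR .*secret-set: unit (?P<unit>\S+) not permitted to update secret (?P<secret>\S+)"
)
UPDATED = re.compile(TS + r" INFO .*secret (?P<secret>\S+) updated by (?P<unit>\S+)")

# Secret name -> owning application (constructed for the example).
OWNERS = {"db-password": "postgresql", "api-token": "webapp", "tls-key": "nginx"}


def _app(unit):
    """'webapp/0' -> 'webapp'."""
    return unit.split("/")[0]


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def detect(log_text, owners, window=timedelta(minutes=5)):
    """Return alerts as (rule, unit, secret) tuples for:
      - 'error-then-update': a secret-set authorization error for a unit/secret
        pair followed by a successful update of that secret by the same unit
        within `window` (the CVE's signature of error-logged-but-committed);
      - 'non-owner-update': any update by a unit whose application does not
        own the secret, i.e. an update performed by a grantee.
    """
    pending = {}  # (unit, secret) -> timestamp of the last authorization error
    alerts = []
    for line in log_text.splitlines():
        m = AUTH_ERR.match(line)
        if m:
            pending[(m["unit"], m["secret"])] = _parse_ts(m["ts"])
            continue
        m = UPDATED.match(line)
        if not m:
            continue
        ts, unit, secret = _parse_ts(m["ts"]), m["unit"], m["secret"]
        err_ts = pending.pop((unit, secret), None)
        if err_ts is not None and ts - err_ts <= window:
            alerts.append(("error-then-update", unit, secret))
        if owners.get(secret) != _app(unit):
            alerts.append(("non-owner-update", unit, secret))
    return alerts


if __name__ == "__main__":
    for rule, unit, secret in detect(SAMPLE_LOG, OWNERS):
        print(f"ALERT {rule}: {unit} on secret {secret}")
```

On the sample, only the `webapp/0` update of `db-password` fires (both rules); the owner's own update and the update of a secret `webapp` owns are silent, and the lone error against `tls-key` produces nothing because no update follows it. The second rule is the more robust of the two: it does not depend on the error line being emitted or on ordering, only on knowing who owns each secret.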
Monitoring Recommendations
- Enable detailed logging for all secrets management operations in Juju
- Configure alerts for anomalous secret access patterns, particularly cross-scope access attempts
- Regularly audit the relationship between grantees and the secrets they are accessing
How to Mitigate CVE-2026-32693
Immediate Actions Required
- Upgrade Canonical Juju to a patched version beyond 3.6.18
- Review and audit all existing secret grants to identify potentially compromised secrets
- Rotate any sensitive secrets that may have been accessed by unauthorized grantees
- Limit secret grants to only essential personnel until the patch is applied
Patch Information
Canonical has released security updates to address this vulnerability. Users should upgrade to a Juju version newer than 3.6.18. For detailed patch information and release notes, refer to the GitHub Security Advisory GHSA-439w-v2p7-pggc.
Workarounds
- Temporarily revoke secret grants from non-essential grantees until patching is complete
- Implement additional monitoring layers to detect unauthorized secret access
- Consider isolating critical secrets in separate Juju models with restricted access
- Apply network segmentation to limit exposure of the Juju controller
# List the secrets in the current model, then inspect one to see its owner and access grants
juju secrets
juju show-secret <secret-name>
# Revoke a grant from an application as a temporary mitigation
juju revoke-secret <secret-name> <application>
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.