{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T14:14:59.283","vulnerabilities":[{"cve":{"id":"CVE-2026-32694","sourceIdentifier":"security@ubuntu.com","published":"2026-03-18T14:16:40.503","lastModified":"2026-03-19T15:05:34.183","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the same secret owner to different grantees, allowing them to use the resources granted by those past secrets. Successful exploitation relies on a very specific configuration, specific data semantic, and the administrator having the need to deploy at least two different applications, one of them controlled by the attacker."},{"lang":"es","value":"En Juju desde la versión 3.0.0 hasta la 3.6.18, cuando un propietario de secreto otorga permisos a un secreto a un beneficiario, el propietario del secreto se basa exclusivamente en un XID predecible del secreto para verificar la propiedad. Esto permite a un beneficiario malicioso que puede solicitar secretos predecir secretos pasados otorgados por el mismo propietario de secreto a diferentes beneficiarios, permitiéndoles usar los recursos otorgados por esos secretos pasados. La explotación exitosa se basa en una configuración muy específica, una semántica de datos específica y en que el administrador tenga la necesidad de desplegar al menos dos aplicaciones diferentes, una de ellas controlada por el atacante."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-343"},{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.6.19","matchCriteriaId":"3BAFE599-DF11-429B-9A8C-970BDB3065C8"}]}]}],"references":[{"url":"https://github.com/juju/juju/security/advisories/GHSA-5cj2-rqqf-hx9p","source":"security@ubuntu.com","tags":["Exploit","Vendor Advisory"]}]}}]}