{"id":"CVE-2026-32693","details":"In Juju from version 3.0.0 through 3.6.18, the authorization of the \"secret-set\" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the \"secret-set\" tool logs an error in an exploitation attempt, the secret is still updated contrary to expectations, and the new value is visible to both the owner and the grantee.","aliases":["GHSA-439w-v2p7-pggc","GO-2026-4777"],"modified":"2026-04-10T05:42:24.949420Z","published":"2026-03-18T13:16:18.860Z","related":["SUSE-SU-2026:1135-1"],"references":[{"type":"EVIDENCE","url":"https://github.com/juju/juju/security/advisories/GHSA-439w-v2p7-pggc"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/juju/juju","events":[{"introduced":"35c560704ee254219ae0c4a37810bde5278e99bb"},{"fixed":"5a261e58fcd3bd366b36229bfd1c46e6b3b61402"}],"database_specific":{"versions":[{"introduced":"3.0.0"},{"fixed":"3.6.19"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32693.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}