CVE-2026-32694 affects Canonical's Juju orchestration tool from versions 3.0.0 through 3.6.18. The vulnerability stems from the secret ownership verification mechanism relying exclusively on a predictable secret XID (an identifier). When a secret owner grants permissions to a secret to a grantee, the grantee can predict the XIDs of past secrets granted by the same owner to other grantees. This predictability allows a malicious grantee, who can request secrets and controls at least one deployed application, to infer and access secrets not intended for them. The flaw is categorized under CWE-343 (Predictable Value) and CWE-639 (Authorization Bypass Through User-Controlled Key). Exploitation requires a very specific environment: the administrator must deploy at least two different applications, one controlled by the attacker, and the attacker must have elevated privileges (PR:H) but no user interaction is needed. The vulnerability impacts confidentiality, integrity, and availability of secrets and resources dependent on them. Although no exploits are currently known in the wild, the predictable XID mechanism represents a significant design weakness in secret management within Juju. The CVSS 3.1 score is 6.6, indicating medium severity, with network attack vector, high attack complexity, and high privileges required.

If exploited, this vulnerability allows a malicious grantee with elevated privileges to access secrets that were granted to other grantees by the same secret owner, potentially leading to unauthorized access to sensitive credentials, configuration data, or other protected resources. This compromises confidentiality and integrity of secrets and can disrupt availability if critical resources are manipulated or revoked. In multi-tenant or multi-application Juju deployments, attackers could leverage this to escalate privileges or move laterally across applications and services. The impact is particularly severe in environments where secrets control access to critical infrastructure or cloud resources. Although exploitation requires specific conditions, the potential for unauthorized access to multiple secrets makes this a significant risk for organizations relying on Juju for orchestration and secret management.

Organizations should upgrade Juju to versions later than 3.6.18 where this vulnerability is addressed. Until patches are available or applied, administrators should avoid deploying configurations where multiple applications are managed with shared secret owners, especially if one application is controlled by an untrusted party. Implement strict access controls and monitoring on secret requests and usage. Consider segregating secret owners per application or tenant to reduce the risk of cross-application secret inference. Review and enhance secret generation and verification mechanisms to avoid predictable identifiers. Employ network segmentation and least privilege principles to limit the impact of compromised grantees. Regularly audit secret access logs for anomalous patterns indicative of exploitation attempts.