CVE-2026-32694 — Juju affected by Confused Deputy IDOR attack via Predictable user specified ID i · VulnScope

CVE-2026-32694

Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju

6.6

MEDIUM

CVSS 3.1

EPSS 0.06%

Description

Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju

How to fix CVE-2026-32694

To remediate CVE-2026-32694, upgrade the affected package to a fixed version below.

Go/github.com/juju/juju—upgrade to 0.0.0-20260319091847-d06919eb03ec or later
—upgrade to 0.0.0-20260319091847-d06919eb03ec or later

Is CVE-2026-32694 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

>= 0.0.0-20221021155847-35c560704ee2, < 0.0.0-20260319091847-d06919eb03ec
>= 0.0.0-20221021155847-35c560704ee2, < 0.0.0-20260319091847-d06919eb03ec

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

References (4)