CVE-2026-5774
CVE-2026-5774 is a medium-severity vulnerability rated 6/10 on the CVSS scale. Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token.
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Juju | < 2.9.57 |
| Canonical | Juju | >= 3.0, < 3.6.21 |
| Canonical | Juju | >= 4.0, < 4.0.6 |
References
- https://github.com/juju/juju/pull/22205 (Issue Tracking)
- https://github.com/juju/juju/pull/22206 (Issue Tracking)
- https://github.com/juju/juju/security/advisories/GHSA-7m55-2hr4-pw78 (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
