PT-2026-31910 · Canonical · Juju
Published 2026-04-10 · Updated 2026-04-28
CVE-2026-5774
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions
Canonical Juju versions 2.9.56, 3.6.20, and 4.0.5
Description
Improper synchronization within the userTokens map in the API server of Canonical Juju may allow an authenticated user to cause a denial of service on the server or potentially reuse a single-use discharge token.
Recommendations
Update to a version later than 4.0.5
Update to a version later than 3.6.20
Update to a version later than 2.9.56
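The description names two outcomes of an unsynchronized token map: a server crash and reuse of a single-use token. The Go example below is added here for illustration and is not Juju's code or Canonical's fix; the tokenStore type, its methods and the sample user and token are hypothetical. It guards the map with a mutex and does the check and the delete of a token in one critical section, so concurrent redemptions of the same token succeed exactly once:

```go
package main

import (
	"sync"
	"sync/atomic"
)

// tokenStore is a hypothetical stand-in for a per-user token map (not Juju's type).
type tokenStore struct {
	mu     sync.Mutex        // guards every read and write of tokens
	tokens map[string]string // user -> outstanding single-use token
}

// Issue writes under the lock; unguarded concurrent map writes can abort a Go process.
func (s *tokenStore) Issue(user, token string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.tokens[user] = token
}

// Consume checks and deletes in one critical section, so only one caller can win.
func (s *tokenStore) Consume(user, token string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	if got, ok := s.tokens[user]; !ok || got != token {
		return false
	}
	delete(s.tokens, user)
	return true
}

// raceConsume redeems one constructed token from n goroutines and counts successes.
func raceConsume(n int) int {
	s := &tokenStore{tokens: map[string]string{"alice": "constructed-token"}}
	var wins int64
	var wg sync.WaitGroup
	wg.Add(n)
	for i := 0; i < n; i++ {
		go func() {
			defer wg.Done()
			if s.Consume("alice", "constructed-token") {
				atomic.AddInt64(&wins, 1)
			}
		}()
	}
	wg.Wait()
	return int(atomic.LoadInt64(&wins))
}

func main() { println("successful redemptions:", raceConsume(64)) }
```

Running a service's test suite with `go test -race` reports unsynchronized map access of this kind before it reaches production.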
Exploit
Fix
Race Condition
Affected Products
Juju