CVE-2026-5774

Summary

Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token.

Affected Software

VendorProductVersion RangeStatus
CanonicalJuju2.0.0 < 2.9.57affected
CanonicalJuju3.0.0 < 3.6.21affected
CanonicalJuju4.0.0 < 4.0.6affected

Weaknesses

  • CWE-362: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References