CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or expired permissions. This allows a charm to continue relating to another charm in a cross-model relation, and use their workload without their permission. No fix is available as of the time of writing.

CVSS

No CVSS.

References

Link	Resource
https://github.com/juju/juju/security/advisories/GHSA-j477-6vpg-6c8x

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Autorización entre modelos vulnerable en juju. Si los permisos entre modelos de un charm son revocados o expiran, un usuario malintencionado que es capaz de actualizar registros de la base de datos puede acuñar un macaroon inválido que es validado incorrectamente por el controlador de juju, permitiendo que un charm mantenga permisos que de otro modo estarían revocados o expirados. Esto permite a un charm continuar relacionándose con otro charm en una relación entre modelos, y usar su carga de trabajo sin su permiso. No hay solución disponible al momento de escribir.

28 Jan 2026, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-28 15:16

Updated : 2026-04-15 00:35

NVD link : CVE-2026-1237

Mitre link : CVE-2026-1237

CVE.ORG link : CVE-2026-1237

JSON object : View

Products Affected

No product.

CWE

CWE-347

Improper Verification of Cryptographic Signature

CWE-672

Operation on a Resource after Expiration or Release

{"id": "CVE-2026-1237", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@ubuntu.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.1, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-28T15:16:16.363", "references": [{"url": "https://github.com/juju/juju/security/advisories/GHSA-j477-6vpg-6c8x", "source": "security@ubuntu.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@ubuntu.com", "description": [{"lang": "en", "value": "CWE-347"}, {"lang": "en", "value": "CWE-672"}]}], "descriptions": [{"lang": "en", "value": "Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or expired permissions. This allows a charm to continue relating to another charm in a cross-model relation, and use their workload without their permission. No fix is available as of the time of writing."}, {"lang": "es", "value": "Autorizaci\u00f3n entre modelos vulnerable en juju. Si los permisos entre modelos de un charm son revocados o expiran, un usuario malintencionado que es capaz de actualizar registros de la base de datos puede acu\u00f1ar un macaroon inv\u00e1lido que es validado incorrectamente por el controlador de juju, permitiendo que un charm mantenga permisos que de otro modo estar\u00edan revocados o expirados. Esto permite a un charm continuar relacion\u00e1ndose con otro charm en una relaci\u00f3n entre modelos, y usar su carga de trabajo sin su permiso. No hay soluci\u00f3n disponible al momento de escribir."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security@ubuntu.com"}