CVE-2026-5412

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This issue is resolved in Juju versions 2.9.57 and 3.6.21.

CVSS v3 9.9 CRITICAL

9.9^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/juju/juju/pull/22205	Issue Tracking Patch
https://github.com/juju/juju/pull/22206	Issue Tracking Patch
https://github.com/juju/juju/security/advisories/GHSA-w5fq-8965-c969	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:canonical:juju::::::::
	cpe:2.3:a:canonical:juju::::::::

History

30 Apr 2026, 15:18

Type	Values Removed	Values Added
First Time		Canonical Canonical juju
CPE		cpe:2.3:a:canonical:juju::::::::
References	~~() https://github.com/juju/juju/pull/22205 -~~	() https://github.com/juju/juju/pull/22205 - Issue Tracking, Patch
References	~~() https://github.com/juju/juju/pull/22206 -~~	() https://github.com/juju/juju/pull/22206 - Issue Tracking, Patch
References	~~() https://github.com/juju/juju/security/advisories/GHSA-w5fq-8965-c969 -~~	() https://github.com/juju/juju/security/advisories/GHSA-w5fq-8965-c969 - Exploit, Third Party Advisory

10 Apr 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-10 13:16

Updated : 2026-04-30 15:18

NVD link : CVE-2026-5412

Mitre link : CVE-2026-5412

CVE.ORG link : CVE-2026-5412

JSON object : View

Products Affected

canonical

juju

CWE

CWE-285

Improper Authorization

{"id": "CVE-2026-5412", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@ubuntu.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-04-10T13:16:45.780", "references": [{"url": "https://github.com/juju/juju/pull/22205", "tags": ["Issue Tracking", "Patch"], "source": "security@ubuntu.com"}, {"url": "https://github.com/juju/juju/pull/22206", "tags": ["Issue Tracking", "Patch"], "source": "security@ubuntu.com"}, {"url": "https://github.com/juju/juju/security/advisories/GHSA-w5fq-8965-c969", "tags": ["Exploit", "Third Party Advisory"], "source": "security@ubuntu.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@ubuntu.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This issue is resolved in Juju versions 2.9.57 and 3.6.21."}], "lastModified": "2026-04-30T15:18:26.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2161D9F-0627-4EAF-A6FD-81B9056D31FC", "versionEndExcluding": "2.9.57"}, {"criteria": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2966CF99-1F57-40F3-8EFA-161BF47644DB", "versionEndExcluding": "3.6.21", "versionStartIncluding": "3.6"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com"}