CVE-2026-5774

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Apr 10, 2026

Vendor unknown

Description

Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token.

References

https://github.com/juju/juju/pull/22205
https://github.com/juju/juju/pull/22206
https://github.com/juju/juju/security/advisories/GHSA-7m55-2hr4-pw78
https://github.com/juju/juju/security/advisories/GHSA-7m55-2hr4-pw78