CVE-2026-1237
Cross-Model Authorization Bypass in Juju Enables Unauthorized Access
Publication date: 2026-01-28
Last updated on: 2026-01-28
Assigner: Canonical Ltd.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juju | juju | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
| CWE-672 | The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in Juju's cross-model authorization. Cross-model permissions are conveyed by macaroons that the controller is supposed to validate on every use. When a charm's cross-model permissions are revoked or expire, a malicious user who can update database records can mint a macaroon that should be rejected but that the Juju controller incorrectly accepts. The charm therefore keeps permissions that should have been revoked or expired, and can continue to relate to another charm and use its workload without authorization. The two CWEs describe the two halves of the problem: the controller does not correctly verify the macaroon (CWE-347), and it goes on honouring a grant after it has expired or been revoked (CWE-672).
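To make the two CWEs concrete, here is an added Go example written for this page; it is not Juju's bakery or controller code. It models a minimal HMAC-chained macaroon: `Mint` issues one, `VerifyWeak` reproduces the bug class (it evaluates the caveats stored with the record but never recomputes the signature and never consults a revocation list, so whoever can rewrite the record can extend an expiry or keep a revoked grant alive), and `Verify` is the hardened check. The `time-before` and `grant` caveat names, the root key, the IDs and the `Revoked` map are all constructed for the illustration, and the scenario assumes the attacker can edit the stored record but does not hold the controller's root key.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Macaroon is a minimal first-party macaroon: an identifier, caveat
// predicates, and an HMAC signature chained over the id and each caveat.
// Illustrative model written for this page, not Juju's bakery code.
type Macaroon struct {
	ID      string
	Caveats []string
	Sig     []byte
}

func chain(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}

// Mint signs a macaroon under rootKey, which only the controller holds.
func Mint(rootKey []byte, id string, caveats ...string) Macaroon {
	sig := chain(rootKey, []byte(id))
	for _, c := range caveats {
		sig = chain(sig, []byte(c))
	}
	return Macaroon{ID: id, Caveats: caveats, Sig: sig}
}

// Verifier carries the controller-side state a check needs: the root key,
// the current time (injected for determinism) and the grants an operator
// has revoked, keyed by macaroon ID. Constructed for the example.
type Verifier struct {
	RootKey []byte
	Now     time.Time
	Revoked map[string]bool
}

// checkCaveat evaluates one predicate; unknown caveats fail closed.
func (v Verifier) checkCaveat(c string) error {
	switch {
	case strings.HasPrefix(c, "time-before "):
		expiry, err := time.Parse(time.RFC3339, strings.TrimPrefix(c, "time-before "))
		if err != nil {
			return fmt.Errorf("malformed expiry caveat %q: %w", c, err)
		}
		if !v.Now.Before(expiry) {
			return errors.New("macaroon expired")
		}
		return nil
	case strings.HasPrefix(c, "grant "):
		return nil // the permission conveyed; nothing to evaluate here
	}
	return fmt.Errorf("unknown caveat %q", c)
}

// VerifyWeak models the bug class (CWE-347 plus CWE-672): it trusts the
// stored record, never recomputes the signature and never checks revocation.
func VerifyWeak(v Verifier, m Macaroon) error {
	for _, c := range m.Caveats {
		if err := v.checkCaveat(c); err != nil {
			return err
		}
	}
	return nil
}

// Verify is the hardened check: recompute the HMAC chain from the root key
// (an edited caveat no longer matches), reject revoked grants, then
// evaluate every caveat exactly as VerifyWeak does.
func Verify(v Verifier, m Macaroon) error {
	sig := chain(v.RootKey, []byte(m.ID))
	for _, c := range m.Caveats {
		sig = chain(sig, []byte(c))
	}
	if !hmac.Equal(sig, m.Sig) {
		return errors.New("signature does not match root key and caveats")
	}
	if v.Revoked[m.ID] {
		return errors.New("grant revoked")
	}
	return VerifyWeak(v, m)
}

func main() {
	root := []byte("constructed-root-key")
	v := Verifier{RootKey: root, Now: time.Date(2026, 1, 28, 0, 0, 0, 0, time.UTC), Revoked: map[string]bool{}}
	good := Mint(root, "charm-a/offer-db", "grant consume offer-db", "time-before 2026-02-01T00:00:00Z")
	forged := good // attacker rewrites the stored expiry but cannot re-sign
	forged.Caveats = []string{"grant consume offer-db", "time-before 2030-01-01T00:00:00Z"}
	fmt.Println("weak/forged:", VerifyWeak(v, forged), " strict/forged:", Verify(v, forged))
	v.Revoked[good.ID] = true
	fmt.Println("weak/revoked:", VerifyWeak(v, good), " strict/revoked:", Verify(v, good))
}
```

The point of the split between `VerifyWeak` and `Verify` is that caveat evaluation alone is not authorization: a record an attacker can edit proves nothing until its signature has been recomputed from a key the attacker does not have, and a valid signature still has to be checked against the operator's current revocation state.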
How can this vulnerability impact me?
The vulnerability allows a charm to keep access to, and keep interacting with, another charm's workload after its cross-model permissions have been revoked or have expired. Because the controller still accepts the macaroon, revoking the grant does not actually cut the charm off. This unauthorized access can lead to misuse of resources, exposure of data from the offering model, or unintended operations within the Juju environment.
What immediate steps should I take to mitigate this vulnerability?
No fix is available as of the time of writing, so no vendor mitigation steps are specified. Because the flaw lets a minted macaroon survive revocation, re-revoking the offer does not help; the effective control is to restrict write access to the controller's database records to trusted administrators only, since minting the malicious macaroon requires that access. In addition, review existing cross-model offers (`juju offers`) and the relations consuming them, and treat any cross-model relation that remains active after its permissions were revoked or expired as a sign of abuse.