Executive Summary

CVE-2026-4370 is a critical security vulnerability in Juju controllers (versions 3.2.0 to 3.6.19 and 4.0 to 4.0.4) related to improper TLS client and server authentication within the internal Dqlite database cluster.

Specifically, the Juju controller's database endpoint does not validate client certificates when a new node attempts to join the cluster. This means an attacker with network access to the Juju controller's Dqlite port can join the database cluster without proper authentication.

Once the attacker joins the cluster, they gain full read and write access to the underlying database, allowing them to read, modify data, escalate privileges, and compromise the entire cluster.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an unauthenticated attacker with network access to the Juju controller's Dqlite port to join the database cluster as a rogue member.

The attacker can then read and modify all cluster data, including sensitive user information, escalate privileges, and potentially open firewall ports.

This leads to total data compromise within the Juju controller's database cluster, severely impacting the confidentiality, integrity, and availability of your system.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring network traffic to the Juju controller's Dqlite cluster port (default port 17666) for unauthorized or unexpected connections, as the flaw allows unauthenticated attackers to join the cluster.

A practical detection method involves checking for any unknown clients connecting to port 17666 on the Juju controller, which should normally only accept connections from trusted controller IPs.

While no specific detection commands are provided, network administrators can use tools like netstat, ss, or tcpdump to monitor connections on port 17666. For example:

• netstat -an | grep 17666
• ss -tnlp | grep 17666
• tcpdump -i <interface> port 17666

Additionally, reviewing Juju controller logs for unexpected cluster join events or anomalies may help detect exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

The primary and recommended mitigation is to upgrade Juju to patched versions 3.6.20 or 4.0.5 or later, where the TLS authentication flaw is fixed.

If immediate patching is not possible, temporary mitigations include:

• Restrict network access to port 17666 so that only trusted Juju controller IP addresses can connect.
• Disable High Availability (HA) by reducing to a single Juju controller and blocking all incoming and outgoing connections on port 17666.

These mitigations reduce exposure but do not fix the underlying TLS verification flaw, so upgrading remains essential.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows an unauthenticated attacker to join the Juju controller's internal Dqlite database cluster and gain full read and write access to sensitive data, including user information. Such unauthorized access and potential data modification represent a severe security breach.

Because the attacker can compromise the confidentiality, integrity, and availability of data, this flaw could lead to violations of common data protection standards and regulations such as GDPR and HIPAA, which require strict controls over access to sensitive personal and health information.

Failure to properly authenticate and secure access to critical databases may result in non-compliance with these regulations, potentially leading to legal penalties, loss of trust, and damage to organizational reputation.

Useful 0 Not Useful 0