canonical juju

19 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-5774
< 2.9.57
Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authen
6.4 MEDIUM
CVE-2026-5412
< 2.9.57
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can cal
9.9 CRITICAL
CVE-2025-68153
>= 2.9 and <= 2.9.55
Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale
6.5 MEDIUM
CVE-2025-68152
>= 2.9 and <= 2.9.55
Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale
4.9 MEDIUM
CVE-2026-4370
>= 3.2.0 and < 3.6.20
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite
10.0 CRITICAL
CVE-2026-32694
>= 3.0.0 and < 3.6.19
In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relie
6.6 MEDIUM
CVE-2026-32693
>= 3.0.0 and < 3.6.19
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a g
8.8 HIGH
CVE-2026-32692
>= 3.1.6 and < 3.6.19
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an
7.6 HIGH
CVE-2026-32691
>= 3.0.0 and < 3.6.19
A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to c
5.3 MEDIUM
CVE-2025-0928
< 2.9.52
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to an
8.8 HIGH
CVE-2025-53513
< 2.9.52
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the control
8.8 HIGH
CVE-2025-53512
< 2.9.52
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug message
6.5 MEDIUM
CVE-2023-0092
>= 2.9.22 and < 2.9.38
An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary fi
4.9 MEDIUM
CVE-2024-8038
< 2.9.51
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is availab
7.9 HIGH
CVE-2024-8037
< 2.9.51
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local syst
6.5 MEDIUM
CVE-2024-7558
< 2.9.51
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes)
8.7 HIGH
CVE-2024-6984
>= 2.9 and < 2.9.50
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker
8.8 HIGH
CVE-2015-1316
< 1.25.5
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.
6.4 MEDIUM
CVE-2017-9232
<= 1.25.12
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions,
9.8 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin