CVE-2026-5774 Improper — Exploit & Vulnerability Details MEDIUM

CVE-2026-5774

MEDIUM CVSS 4.0: 6.0 EPSS 0.01%

Parameter	Value
CVSS	6.0 (MEDIUM)
Type	CWE-362 (Race Condition)
Vendor	Improper
Public PoC	No

Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Attack Requirements

Present

Additional conditions required

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

None

No data modification

Availability

High

Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-362 Race Condition

References 3

https://github.com/juju/juju/pull/22205

security@ubuntu.com

https://github.com/juju/juju/pull/22206

security@ubuntu.com

https://github.com/juju/juju/security/advisories/GHSA-7m55-2hr4-pw78

security@ubuntu.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-6442

Improper

8.3

CVE-2026-4829

Devolutions

5.4

CVE-2026-4828

Devolutions

8.2

CVE-2026-4396

Improper

8.1

CVE-2026-4295

Improper

8.5

Menu

CVE-2026-5774

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 3

Related Vulnerabilities

CVE-2026-6442

CVE-2026-4829

CVE-2026-4828

CVE-2026-4396

CVE-2026-4295

CVE Details

Editor's Choice

Menu

CVE-2026-5774

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 3

Related Vulnerabilities

CVE-2026-6442

CVE-2026-4829

CVE-2026-4828

CVE-2026-4396

CVE-2026-4295

CVE Details

Editor's Choice

Stay informed on cybersecurity