
7 matches found

EUVD
added 2026/01/29 3:21 p.m. | 2 views

EUVD-2026-4900

Juju has broken CMR authorization...

CVSS 2.1 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 3

OSV
added 2026/01/29 3:21 p.m. | 4 views

GHSA-J477-6VPG-6C8X Juju has broken CMR authorization

Impact Cross-model Relation authorization is broken and has a potential security vulnerability. If the controller does not have the root key to verify the macaroon or if the macaroon has expired, an unvalidated and therefore untrusted macaroon is used to extract declared caveats. Facts from these...

CVSS 2.1 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 4

Snyk
added 2026/01/28 3:49 p.m. | 3 views

Operation on a Resource after Expiration or Release

Overview Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release in the macaroon validation for cross-model authorization. An attacker can maintain unauthorized access to resources by crafting and submitting an invalid macaroon that is incorrectly...

CVSS 5.5 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 2

OSV
added 2026/01/28 3:16 p.m. | 1 views

CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

CVSS 2.1 | AI score 5.8
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/28 3:1 p.m. | 3 views

CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

CVSS 2.1 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 1

CVE
added 2026/01/28 3:1 p.m. | 8 views

CVE-2026-1237

Summary: CVE-2026-1237 describes a vulnerability in Juju where broken cross-model authorization allows a charm to retain access after permissions are revoked or expired by minting an invalid macaroon that the controller erroneously accepts. The root cause is that the Juju controller may fail to v...

CVSS 2.1 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 1

CNNVD
added 2026/01/28 12:0 a.m. | 2 views

Juju security vulnerabilities

Juju is a publicly available application orchestration engine developed by Canonical Juju. There is a security vulnerability in Juju, which stems from a flaw in cross-model authorization. This vulnerability could allow malicious users to maintain privileges that have been revoked or expired...

CVSS 2.1 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 2