CVE-2026-4370 - Vulnerability Analysis
Critical | CVSS: 10.0 | Last Updated: April 1, 2026
Juju - Authentication Bypass
Published: April 1, 2026 | Updated: April 1, 2026 | Remote Exploitable
Overview
Juju 3.2.0 to 3.6.19 and 4.0 to 4.0.4 contain a broken authentication flaw caused by improper TLS client and server authentication in the internal Dqlite database cluster, which lets unauthenticated attackers with network access join the cluster and gain full database access.
Severity & Score
Severity: Critical
CVSS Score: 10.0
Impact
Unauthenticated attackers can join the database cluster and gain full read and write access, leading to total data compromise.
Mitigation
Update to a version later than 3.6.19 or 4.0.4, or to the latest available version.
Details
- CVE ID: CVE-2026-4370
- Severity: Critical
- CVSS Score: 10.0
- Type: broken_authentication
- Status: new
CWE
- CWE-295
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H