LeakyCreds

CVE-2026-5412 - Vulnerability Analysis

Critical | CVSS: 9.9

Last Updated: April 13, 2026

Juju - Broken Access Control

Published: April 10, 2026 | Updated: April 13, 2026 | Remote Exploitable

Overview

Juju versions before 2.9.57 and before 3.6.21 contain an information disclosure vulnerability caused by an authorization issue in the Controller facade, which lets authenticated users extract cloud credentials. Exploitation requires user authentication.

Severity & Score

Severity: Critical
CVSS Score: 9.9
EPSS Score: 3.7% (Probability of exploitation in next 30 days)

Impact

Low-privileged authenticated users can access sensitive cloud credentials, risking unauthorized access to cloud resources.

Mitigation

Update to versions 2.9.57 or 3.6.21 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Apr 11, 2026

🔴 CVE-2026-5412 - Critical (9.9) In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privi... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5412/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-5412
Severity: Critical
CVSS Score: 9.9
Type: broken_access_control
Status: unconfirmed
EPSS: 3.7%
Social Posts: 1

CWE

  • CWE-285

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

3.7% (Probability of exploitation in the next 30 days)