Security Flaw in Juju Database Cluster by Canonical
CVE-2026-4370

10CRITICAL

Key Information:

Vendor: Canonical
Status: Juju
Vendor: CVE Published:; 1 April 2026

What is CVE-2026-4370?

A flaw exists in Juju’s Dqlite database cluster where the system fails to properly authenticate TLS client and server connections. This can lead to unauthorized nodes joining the database cluster, where they can gain full access to database operations. An attacker with network access can exploit this vulnerability to compromise data integrity and confidentiality significantly.

Affected Version(s)

Juju Linux 3.2.0 < 3.6.20

Juju Linux 4.0 < 4.0.4

References

https://github.com/juju/juju/security/advisories/GHSA-gvr...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2026
Vulnerability Reserved
Mar 18, 2026

Credit

Harry Pidcock

Joseph Phillips

Ian Booth

CVE-2026-4370 Data

JSON