github.com/canonical/pebble is vulnerable to Missing Authorization
71
High Risk
Affected versions of this package are vulnerable to Unauthenticated Access to Sensitive Configuration via the /v1/plan API. The /v1/plan endpoint was accessible without admin privileges, allowing non-admin users to retrieve application plans that may include environment variables containing secrets, credentials, or tokens. An attacker with basic access to Pebble could query the endpoint to harvest sensitive configuration data, pivot to other systems using leaked credentials, escalate privileges, or facilitate further compromise, without requiring direct code execution or elevated permissions.
You are affected if you are using a version that falls within the vulnerable range.
github.com/canonical/pebble is vulnerable to Missing Authorization in versions 1.0.0 - 1.27.0.
Upgrade the github.com/canonical/pebble library to a patched version.
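
One way to check whether a project's go.mod pins a version inside the affected range 1.0.0 - 1.27.0 (an added example, not code from this advisory or from the Pebble project). The function names and the sample go.mod are constructed for illustration, and pre-release or pseudo-version suffixes are ignored as a simplifying assumption.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const pebbleModule = "github.com/canonical/pebble"

// parseCore returns major, minor, patch from a Go module version such as
// "v1.26.1". Pre-release and pseudo-version suffixes are dropped (a
// simplification), so review such versions by hand.
func parseCore(v string) (core [3]int, ok bool) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return core, false
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return core, false
		}
		core[i] = n
	}
	return core, true
}

// Affected scans go.mod text for a requirement on pebbleModule and reports the
// version found and whether it lies in the advisory's range, 1.0.0 - 1.27.0
// inclusive: major 1 with minor below 27, or exactly 1.27.0.
func Affected(gomod string) (version string, affected bool) {
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" comments
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) != 2 || f[0] != pebbleModule {
			continue
		}
		c, ok := parseCore(f[1])
		return f[1], ok && c[0] == 1 && (c[1] < 27 || (c[1] == 27 && c[2] == 0))
	}
	return "", false
}

func main() {
	sample := "require (\n\tgithub.com/canonical/pebble v1.26.1\n)\n" // constructed sample
	fmt.Println(Affected(sample))
}
```

The check only reads `require` lines; a `replace` directive that redirects the module to another version or fork is not evaluated and needs a separate look.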