Critical severity9.1NVD Advisory· Published Apr 9, 2026· Updated Apr 22, 2026

CVE-2026-34179

Description

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/canonical/lxdGo	>= 0.0.0-20210305023314-538ac3df036e, <= 0.0.0-20260226085519-736f34afb267	—

Affected products

Canonical (company)/Lxd
cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*
Range: >=4.12,<=5.0.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/canonical/lxd/pull/17936nvdIssue TrackingPatchWEB
github.com/advisories/GHSA-c3h3-89qf-jqm5ghsaADVISORY
github.com/canonical/lxd/security/advisories/GHSA-c3h3-89qf-jqm5nvdThird Party AdvisoryExploitWEB
nvd.nist.gov/vuln/detail/CVE-2026-34179ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000