Unrated severityNVD Advisory· Published Jun 27, 2026

Debian lxd: Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8…

CVE-2026-9639

Description

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at snapshot field.

Affected products

Canonical/Lxdinferred2 versions
<= 6.8, <= 5.21+ 1 more
- (no CPE)range: <= 6.8, <= 5.21
- (no CPE)range: <=6.8, <=5.21

Patches

Vulnerability mechanics

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000