VYPR

Lxd

by Canonical

Source repositories

CVEs (24)

  • CVE-2026-34179CriApr 9, 2026
    risk 0.52cvss 9.1epss 0.00

    In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker…

  • CVE-2026-34178CriApr 9, 2026
    risk 0.52cvss 9.1epss 0.00

    In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project…

  • CVE-2026-34177CriApr 9, 2026
    risk 0.52cvss 9.1epss 0.00

    Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project…

  • CVE-2016-1582MedJun 9, 2016
    risk 0.36cvss 5.5epss 0.00

    LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.

  • CVE-2016-1581MedJun 9, 2016
    risk 0.36cvss 5.5epss 0.00

    LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.

  • CVE-2026-28385Jun 28, 2026
    risk 0.00cvss epss 0.00

    In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to interact with internal network infrastructure via the /images endpoint. When…

  • CVE-2026-12411Jun 28, 2026
    risk 0.00cvss epss 0.00

    Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.

  • CVE-2026-9640Jun 27, 2026
    risk 0.00cvss epss 0.00

    A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment…

  • CVE-2026-9639Jun 27, 2026
    risk 0.00cvss epss 0.00

    Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at…

  • CVE-2026-28384Mar 12, 2026
    risk 0.00cvss epss 0.01

    An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and…

  • CVE-2026-3351Mar 3, 2026
    risk 0.00cvss epss 0.00

    Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.

  • CVE-2025-54293Oct 2, 2025
    risk 0.00cvss epss 0.01

    Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.

  • CVE-2025-54292Oct 2, 2025
    risk 0.00cvss epss 0.00

    Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.

  • CVE-2025-54291Oct 2, 2025
    risk 0.00cvss epss 0.00

    Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.

  • CVE-2025-54290Oct 2, 2025
    risk 0.00cvss epss 0.00

    Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.

  • CVE-2025-54289Oct 2, 2025
    risk 0.00cvss epss 0.00

    Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format

  • CVE-2025-54288Oct 2, 2025
    risk 0.00cvss epss 0.00

    Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed…

  • CVE-2025-54287Oct 2, 2025
    risk 0.00cvss epss 0.00

    Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

  • CVE-2025-54286Oct 2, 2025
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.

  • CVE-2024-6219Dec 5, 2024
    risk 0.00cvss epss 0.00

    Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.

Page 1 of 2