CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-3351

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 6.1%

CVSS Severity

CVSS v3 Score 4.3

References

https://github.com/canonical/lxd/commit/d936c90d47cf0be1e9757df897f769e9887ebde1
https://github.com/canonical/lxd/pull/17738
https://github.com/canonical/lxd/security/advisories/GHSA-crmg-9m86-636r

Products affected by CVE-2026-3351

Canonical » Lxd » Version: 6.6

cpe:2.3:a:canonical:lxd:6.6
Linux » Linux Kernel » Version: N/A

cpe:2.3:o:linux:linux_kernel:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-3351

Products

Pricing

Contact Us