Shodan
Vulnerabilities
Vulnerable Software
Canonical:  >> Lxd  >> 6.0  Security Vulnerabilities
CVE-2026-34177
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote attacker with can_edit permission on a VM instance in a restricted project can inject an AppArmor rule and a QEMU chardev configuration that bridges the LXD Unix socket into the guest VM, enabling privilege escalation to LXD cluster administrator and subsequently to host root.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-04-09
CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An authenticated remote attacker with instance-creation permission in a restricted project can craft a backup archive where backup.yaml carries restricted settings such as security.privileged=true or raw.lxc directives, bypassing all project restriction enforcement and allowing full host compromise.
CVSS Score
9.1
EPSS Score
0.0
Published
2026-04-09
CVE-2026-34179
In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-04-09
CVE-2025-54293
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-10-02
CVE-2025-54292
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-10-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved