
Canonical LXD CVE-2026-9640

EUVD: EUVD-2026-39794 · HIGH
Incorrect Authorization (CWE-863)
2026-06-26 canonical
7.2
CVSS 3.1 · Vendor: canonical

Severity by source

Vendor (canonical) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.9 CRITICAL

API-reachable with low complexity, needs an existing operator account (PR:L); escaping a confined project to host root is a scope change (S:C) with full host compromise.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (canonical).

CVSS Vector (Vendor: canonical)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

Source Code Evidence Fetched
Jun 26, 2026 - 16:16 vuln.today
Analysis Generated
Jun 26, 2026 - 16:16 vuln.today

Description (CVE.org)

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration. An authenticated project operator in a restricted multi-tenant environment can bypass policy restrictions by importing a maliciously crafted instance backup containing restricted configuration keys within a snapshot. When the snapshot is restored, these restricted keys are applied to the live instance without policy validation. Starting the modified instance grants the operator unauthorized host root access.

Analysis (AI)

Privilege escalation in Canonical LXD (versions 6.0-6.8, 5.21.0-5.21.4, and 5.0.0-5.0.6) allows an authenticated project operator in a restricted multi-tenant deployment to escape tenant confinement and obtain host root. Because project-restriction policies are not re-validated when an instance backup is imported and its snapshot restored, an operator can smuggle restricted configuration keys into a snapshot, restore them onto the live instance, and start it to gain unauthorized root on the host. …


Attack Chain (AI derived)

Hypothetical attack flow derived from CVE metadata

Access: Authenticate as project operator
Delivery: Craft backup with restricted keys in snapshot
Exploit: Import backup into restricted project
Execution: Restore snapshot bypassing policy validation
Persist: Start modified instance
Impact: Gain host root access

Vulnerability Assessment (AI)

Exploitation: Exploitation requires three concrete conditions drawn from the description: (1) LXD must be deployed as a restricted multi-tenant environment with project-restriction policies in force (single-tenant or unrestricted installs have no policy to bypass); (2) the attacker must already hold an authenticated project operator account in such a restricted project (PR:H), so this is not anonymous; and (3) the attacker must be able to import an instance backup and restore a snapshot, with the backup crafted to embed restricted configuration keys inside a snapshot definition. …
Risk Assessment: The vendor CVSS 3.1 vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, base 7.2 High) reflects a network-reachable LXD API, low attack complexity and full host compromise, but is gated behind high privileges (an existing project operator account) and, critically, a non-default deployment: it is only exploitable where LXD is configured with restricted multi-tenant projects. …
Exploit Scenario: A tenant operator on a shared LXD host crafts an instance backup whose snapshot definition contains restricted configuration keys (for example security.privileged, or low-level raw.* and volatile.* keys) that project policy would normally reject. They import the backup into their restricted project and restore the snapshot; LXD applies the restricted keys to the live instance without policy validation, and starting that instance yields root on the underlying host. …
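The scenario above hinges on restricted keys reaching the live instance through a snapshot. The following is an added example, not code from LXD, Canonical or vuln.today, of a defender-side check: it walks an instance's snapshot list as returned by the LXD REST API and reports any config key or disk device that the owning restricted project would reject. The policy table, the restricted-project defaults and the sample snapshot records are assumptions constructed for the example and cover only a handful of the keys LXD actually restricts; the API paths in the docstring are the ones assumed for fetching real input.

```python
"""
Audit an LXD instance's snapshots for configuration a restricted project would
reject. Added example for this page; not LXD's own policy code.

Assumed input shapes (LXD REST API):
    lxc query /1.0/projects/tenant-a                       -> {"config": {...}, ...}
    lxc query "/1.0/instances/web/snapshots?recursion=1&project=tenant-a"
                                                            -> [{"name", "config", "devices"}, ...]
"""
import json

# Simplified policy table (assumption, not LXD's full restriction matrix):
# instance config key -> (project restriction that governs it,
#                         restriction values under which the key is allowed).
POLICY = {
    "security.privileged": ("restricted.containers.privilege", {"allow"}),
    "security.nesting":    ("restricted.containers.nesting",   {"allow"}),
    "raw.lxc":             ("restricted.containers.lowlevel",  {"allow"}),
    "raw.idmap":           ("restricted.containers.lowlevel",  {"allow"}),
    "raw.apparmor":        ("restricted.containers.lowlevel",  {"allow"}),
    "raw.seccomp":         ("restricted.containers.lowlevel",  {"allow"}),
}
# Boolean keys are only a problem when set to a true value.
BOOL_KEYS = {"security.privileged", "security.nesting"}
# Values assumed to apply once restricted=true and the key is left unset.
RESTRICTED_DEFAULTS = {
    "restricted.containers.privilege": "unprivileged",
    "restricted.containers.nesting": "block",
    "restricted.containers.lowlevel": "block",
    "restricted.devices.disk": "managed",
}


def _is_true(value):
    return str(value).strip().lower() in {"true", "1", "yes", "on"}


def audit_snapshots(project_config, snapshots):
    """Return one finding dict per restricted setting found in a snapshot.

    A finding means: if this snapshot were restored and the instance started,
    it would carry a key or device the project policy forbids."""
    if not _is_true(project_config.get("restricted", "false")):
        return []  # unrestricted project: nothing to enforce

    def effective(restriction):
        return project_config.get(restriction, RESTRICTED_DEFAULTS.get(restriction, "block"))

    findings = []
    for snap in snapshots:
        name = snap.get("name", "<unnamed>")
        for key, value in (snap.get("config") or {}).items():
            if key not in POLICY:
                continue
            if key in BOOL_KEYS and not _is_true(value):
                continue
            restriction, allowed = POLICY[key]
            if effective(restriction) not in allowed:
                findings.append({"snapshot": name, "kind": "config", "key": key,
                                 "value": value, "restriction": restriction,
                                 "setting": effective(restriction)})
        # A disk device with a host source path and no storage pool is a host
        # bind mount; treat it as legal only under restricted.devices.disk=allow.
        # Per-path allowlists are not modelled here.
        for dev_name, dev in (snap.get("devices") or {}).items():
            if dev.get("type") != "disk":
                continue
            source = str(dev.get("source", ""))
            if source.startswith("/") and not dev.get("pool"):
                if effective("restricted.devices.disk") != "allow":
                    findings.append({"snapshot": name, "kind": "device", "key": dev_name,
                                     "value": source,
                                     "restriction": "restricted.devices.disk",
                                     "setting": effective("restricted.devices.disk")})
    return findings


# Constructed sample data: a restricted tenant project and two snapshots, the
# second carrying the kind of smuggled keys the advisory describes.
SAMPLE_PROJECT = {"restricted": "true",
                  "restricted.containers.privilege": "unprivileged"}
SAMPLE_SNAPSHOTS = json.loads("""[
  {"name": "clean",
   "config": {"image.os": "ubuntu", "security.privileged": "false"},
   "devices": {"root": {"type": "disk", "path": "/", "pool": "default"}}},
  {"name": "smuggled",
   "config": {"security.privileged": "true",
              "raw.lxc": "lxc.apparmor.profile=unconfined"},
   "devices": {"root": {"type": "disk", "path": "/", "pool": "default"},
               "hostfs": {"type": "disk", "source": "/", "path": "/mnt/host"}}}
]""")


def demo():
    return audit_snapshots(SAMPLE_PROJECT, SAMPLE_SNAPSHOTS)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['snapshot']}: {f['kind']} {f['key']}={f['value']!r} "
              f"violates {f['restriction']}={f['setting']}")
```

Run against real data by replacing the sample project config and snapshot list with the API responses named in the docstring; a patched LXD should refuse to restore a snapshot that this audit flags, while on an affected version the audit is the only warning you get before the instance is started.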
Remediation: Vendor-released patch: upgrade to LXD 6.9, 5.21.5 or 5.0.7 (or later on the respective branch), per advisory GHSA-ppq7-4492-5552 (https://github.com/canonical/lxd/security/advisories/GHSA-ppq7-4492-5552); the corresponding code fixes are in https://github.com/canonical/lxd/pull/18301, /18303 and /18304. …

Recommended Action (AI)

Within 24 hours: Inventory all LXD deployments and identify systems running affected versions (6.0-6.8, 5.21.0-5.21.4, 5.0.0-5.0.6); prioritize multi-tenant configurations and restrict project operator access as an interim measure. …
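For the inventory step, an added example (not a Canonical or vuln.today tool): classify an LXD server version against the affected ranges given in the CVE description and list the server's restricted projects first, since those are the only ones where the bypass applies. The sample server and project records are constructed for the example; the API shapes it assumes are environment.server_version from GET /1.0 and the project list from GET /1.0/projects?recursion=1.

```python
"""
Triage helper for the inventory step: flag an LXD server whose version lies in
an affected range from the CVE description and list its restricted projects
first. Added example, not a Canonical or vuln.today tool.

Assumed input shapes (LXD REST API):
    lxc query /1.0                       -> {"environment": {"server_version": "..."}, ...}
    lxc query /1.0/projects?recursion=1  -> [{"name": "...", "config": {...}}, ...]
"""
import re

# (first affected, first fixed, upgrade target) per branch, from the description.
AFFECTED_RANGES = [
    ((6, 0, 0),  (6, 9, 0),  "6.9"),
    ((5, 21, 0), (5, 21, 5), "5.21.5"),
    ((5, 0, 0),  (5, 0, 7),  "5.0.7"),
]


def parse_version(text):
    """'5.21.3', '6.8' or snap-style '5.21.3-abc123' -> (5, 21, 3); None if unparsable."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", str(text))
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def fixed_version_for(version):
    """Upgrade target if `version` is affected, else None.

    Branches the description does not list (e.g. 4.0, 5.20) also return None;
    that means "not in the published ranges", not "verified safe"."""
    v = parse_version(version)
    if v is None:
        return None
    for lo, hi, target in AFFECTED_RANGES:
        if lo <= v < hi:
            return target
    return None


def _is_true(value):
    return str(value).strip().lower() in {"true", "1", "yes", "on"}


def triage(server_info, projects):
    """Combine the version check with a restricted-first project ordering."""
    version = server_info.get("environment", {}).get("server_version", "")
    fixed = fixed_version_for(version)
    restricted = [p["name"] for p in projects
                  if _is_true(p.get("config", {}).get("restricted", "false"))]
    others = [p["name"] for p in projects if p["name"] not in restricted]
    return {"server_version": version, "affected": fixed is not None,
            "upgrade_to": fixed, "restricted_projects": restricted,
            "other_projects": others}


# Constructed sample records for one host.
SAMPLE_SERVER = {"environment": {"server_version": "5.21.3"}}
SAMPLE_PROJECTS = [
    {"name": "default",  "config": {}},
    {"name": "tenant-a", "config": {"restricted": "true",
                                    "restricted.containers.privilege": "unprivileged"}},
    {"name": "tenant-b", "config": {"restricted": "false"}},
]


def demo():
    return triage(SAMPLE_SERVER, SAMPLE_PROJECTS)


if __name__ == "__main__":
    r = demo()
    state = f"affected, upgrade to {r['upgrade_to']}" if r["affected"] else "not in affected ranges"
    print(f"LXD {r['server_version']}: {state}")
    print("restricted projects (check first):", ", ".join(r["restricted_projects"]) or "none")
    print("other projects:", ", ".join(r["other_projects"]) or "none")
```

The version comparison is branch-aware: 5.0.x, 5.21.x and 6.x are separate ranges, so 5.21.5 is fixed even though it is numerically below 6.0, and 6.0 is affected even though it is above 5.21.5.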


More in LXD
CVE-2025-54286 HIGH POC
8.8 Oct 02

Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and s

CVE-2025-54289 HIGH POC
8.1 Oct 02

Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions

CVE-2025-54288 MEDIUM POC
6.8 Oct 02

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attack

CVE-2025-54293 MEDIUM POC
6.5 Oct 02

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attacker

CVE-2025-54287 MEDIUM POC
6.5 Oct 02

An arbitrary file access vulnerability (CVSS 6.5) that allows an attacker with instance configuration permissions. Risk

CVE-2026-12411 CRITICAL
9.6 Jun 26

Cross-guest storage-volume hijacking in Canonical LXD 6.6 through 6.8 lets an untrusted guest instance mount, read, and

CVE-2025-54290 MEDIUM POC
5.3 Oct 02

Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to d

CVE-2025-54291 MEDIUM POC
5.3 Oct 02

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remo

CVE-2025-54292 MEDIUM POC
4.6 Oct 02

Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attac

CVE-2026-3351 MEDIUM POC
4.3 Mar 03

Canonical LXD 6.6 on Linux contains an authorization bypass in the GET /1.0/certificates API endpoint that allows authen

CVE-2026-9639 MEDIUM
6.5 Jun 26

Nil-pointer dereference in LXD's CreateCustomVolumeFromBackup function allows an authenticated user with can_create_stor

CVE-2026-28385 MEDIUM
5.0 Jun 26

Server-Side Request Forgery in Canonical LXD's image import endpoint allows authenticated users holding the can_create_i
