Severity by source
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Attack originates inside a guest via the local /dev/lxd socket (AV:L) and needs an existing guest foothold plus the non-default volumes setting (PR:L); reaching another guest's volume is a scope change (S:C).
Primary rating from Vendor (canonical).
CVSS Vector (NVD): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Description (NVD)
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
Analysis (AI)
Cross-guest storage-volume hijacking in Canonical LXD 6.6 through 6.8 lets an untrusted guest instance mount, read, and overwrite the custom storage volumes owned by other guests on the same host, breaking tenant isolation. Exploitation requires the non-default security.devlxd.management.volumes option to be enabled, and is fixed in LXD 6.9. …
Vulnerability Assessment (AI)

| Section | Assessment |
|---|---|
| Exploitation | The host must have security.devlxd.management.volumes explicitly enabled; this is a non-default configuration setting and is the single most important prerequisite. … |
| Risk Assessment | Signals conflict and must be weighed carefully. … |
| Exploit Scenario | An attacker who controls one guest instance on a shared LXD host (for example a low-trust tenant container) crafts a device PATCH request to /dev/lxd referencing another tenant's custom storage volume identifier. Because the handler does not check ownership, the volume is mounted into the attacker's guest, allowing it to read confidential data and overwrite the victim's data. … |
| Remediation | Upgrade to Canonical LXD 6.9, which contains the fix (Vendor-released patch: LXD 6.9), delivered via pull request https://github.com/canonical/lxd/pull/18585 and documented in advisory https://github.com/canonical/lxd/security/advisories/GHSA-hhf9-qw4v-72xp. … |
Recommended Action (AI)
24 hours: Audit all LXD deployments to identify instances with security.devlxd.management.volumes enabled; disable immediately if not operationally required. …
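An audit helper for the step above, added here as an example and not part of LXD or this advisory: it reads the JSON that `lxc list --all-projects --format json` prints, flags instances whose expanded configuration (profile-inherited values included) enables security.devlxd.management.volumes, and only reports them when the server version falls in the affected 6.6 to 6.8 range. It assumes the option is an instance-level config key and that the sample JSON below, which is constructed, matches the shape of real `lxc list` output.

```python
import json
import re

AFFECTED_MIN = (6, 6)   # first affected release named in the advisory
FIXED_VERSION = (6, 9)  # fix ships in LXD 6.9
KEY = "security.devlxd.management.volumes"


def parse_version(text: str) -> tuple:
    """Turn '6.8', '6.8.1' or '6.8-something' into a comparable int tuple."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def server_is_affected(version: str) -> bool:
    """True for 6.6 <= version < 6.9; older and fixed releases return False."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_VERSION


def exposed_instances(lxc_list_json: str) -> list:
    """Return (project, name) for every instance that has the key enabled.
    expanded_config is used rather than config so a value set in a profile
    rather than directly on the instance is caught as well."""
    hits = []
    for inst in json.loads(lxc_list_json):
        cfg = inst.get("expanded_config") or {}
        if str(cfg.get(KEY, "false")).lower() == "true":
            hits.append((inst.get("project", "default"), inst["name"]))
    return hits


def audit(version: str, lxc_list_json: str) -> list:
    """Instances that need attention: none unless the server is in range."""
    if not server_is_affected(version):
        return []
    return exposed_instances(lxc_list_json)


# Constructed sample (not real host data): one instance enabling the key
# directly, one inheriting it from a profile, one with the default off.
SAMPLE = json.dumps([
    {"name": "tenant-a", "project": "default", "type": "container",
     "config": {KEY: "true"}, "expanded_config": {KEY: "true"}},
    {"name": "tenant-b", "project": "prod", "type": "container",
     "config": {}, "expanded_config": {KEY: "true", "limits.cpu": "2"}},
    {"name": "build", "project": "default", "type": "virtual-machine",
     "config": {}, "expanded_config": {}},
])
```

For each reported instance, `lxc config unset <name> security.devlxd.management.volumes` (or removing the key from the profile that sets it) closes the exposure until the host is upgraded to 6.9.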
EUVD-2026-39788