
canonical lxd

19 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34179
>= 4.12 and <= 5.0.6
In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type fie
9.1 CRITICAL
CVE-2026-34178
>= 4.12 and <= 5.0.6
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar a
9.1 CRITICAL
CVE-2026-34177
>= 4.12 and <= 5.0.6
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissi
9.1 CRITICAL
CVE-2026-3351
all versions
Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted
4.3 MEDIUM
CVE-2025-54293
>= 4.0.0 and < 5.21.4
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read
6.5 MEDIUM
CVE-2025-54292
>= 5.0.0 and < 5.21.4
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to ac
4.6 MEDIUM
CVE-2025-54291
>= 4.0.0 and < 5.21.4
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attacke
5.3 MEDIUM
CVE-2025-54290
>= 4.0.0 and < 5.21.4
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine p
5.3 MEDIUM
CVE-2025-54289
>= 4.0.0 and < 5.21.4
Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack
8.1 HIGH
CVE-2025-54288
>= 4.0.0 and < 5.21.4
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with r
6.8 MEDIUM
CVE-2025-54287
>= 4.0.0 and < 5.21.4
Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuratio
6.5 MEDIUM
CVE-2025-54286
>= 5.0.0 and < 5.0.5
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start conta
8.8 HIGH
CVE-2024-6219
< 5.21.1
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store wit
3.8 LOW
CVE-2024-6156
>= 4.0.0 and < 4.0.10
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the
3.8 LOW
CVE-2023-49721
>= 5.0.0 and < 5.21.0
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot
6.7 MEDIUM
CVE-2023-48733
all versions
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass S
6.7 MEDIUM
CVE-2015-1340
all versions
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.
7.0 HIGH
CVE-2016-1582
all versions
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows loc
5.5 MEDIUM
CVE-2016-1581
<= 2.0.1
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows loca
5.5 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin