Product
canonical multipass
5 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-49238
CVE-2026-49237
CVE-2025-5199
CVE-2021-3747
CVE-2021-3626
< 1.16.3
An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which ex
< 1.16.3
An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While t
< 1.16.0
In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escala
>= 1.7.0 and < 1.7.2
The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect own
< 1.7.0
The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform