CRITICAL · CVE-2026-34179 · CVSS 9.1

CVE-2026-34179: LXD Privilege Escalation - Critical

Platform: go

Component: github.com/canonical/lxd

Fixed in: 5.0.7, 5.21.5, 6.8.0, 0.0.1

AI Confidence: high · Source: NVD · EPSS 0.1% · Reviewed: Apr 2026

CVE-2026-34179 is a critical privilege escalation vulnerability in LXD, a Linux container hypervisor. An attacker holding a restricted TLS client certificate can escalate to cluster administrator by altering the certificate's type. The vulnerability affects LXD up to pseudo-version 0.0.0-20260226085519-736f34afb267; fixes are available in 6.8.0 and in the 5.0.7 and 5.21.5 releases.


Impact and Attack Scenarios

CVE-2026-34179 in LXD allows a user with a restricted TLS certificate to escalate privileges to cluster admin. The certificate type is changed from 'client' to 'server' via a PUT or PATCH request to /1.0/certificates/{fingerprint}. The doCertificateUpdate function does not validate or reset the 'Type' field, so the caller-supplied value persists to the database. On the next TLS authentication the modified certificate is matched as a server certificate, so the connection is treated as coming from a cluster member (ProtocolCluster), which carries full admin privileges. The CVSS score is 9.1, indicating a critical risk: an attacker could completely compromise the LXD cluster and gain full control over the virtual machines and containers it manages.

Exploitation Context

An attacker with access to a restricted TLS certificate within an LXD cluster can exploit this vulnerability. The attacker needs to be able to make PUT/PATCH requests to the certificate API. Exploitation involves modifying the certificate type to 'server', which allows the attacker to authenticate as a TLS server. Once authenticated as a server, the attacker can execute commands with cluster admin privileges. The complexity of exploitation is relatively low, requiring only modification of an existing certificate through the API. The likelihood of exploitation is high, especially in environments where TLS certificates are not managed securely.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High
Reports: 1 threat report

EPSS

0.11% (30th percentile)

CISA SSVC

Exploitation: poc
Automatable: no
Technical Impact: total

CVSS Vector

CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H (base score 9.1, Critical)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: High (authentication level needed to attack)
User Interaction: None (whether a victim must take action)
Scope: Changed (impact beyond the vulnerable component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)

Source: nextguardhq.com, CVSS v3.1 base score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
High — admin or privileged account required to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Changed — successful attack can pivot beyond the vulnerable component to other systems or the host OS.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Component: github.com/canonical/lxd
Vendor: osv

Affected range                                                          Fixed in
4.12.0 – 5.0.7                                                          5.0.7
5.1.0 – 5.21.5                                                          5.21.5
6.0.0 – 6.8.0                                                           6.8.0
0.0.0-20210305023314-538ac3df036e – 0.0.0-20260226085519-736f34afb267   0.0.1

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. EPSS updated

Mitigation and Workarounds

The recommended mitigation is to upgrade LXD to version 6.8.0 or higher (or to 5.0.7 or 5.21.5 on the 5.0 and 5.21 series, which also carry the fix). The fix properly validates and resets the 'Type' field during certificate updates, preventing the privilege escalation. Until the upgrade is applied, restrict access to the certificate API and regularly audit the trust store for certificates whose type has been modified without authorization. Review certificate access policies so that only authorized users can create and modify TLS certificates. The upgrade is the most effective solution and should be applied as soon as possible.
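As an added example (not code from the page or from LXD itself) of the audit step recommended above, the Go program below checks a trust-store listing, as returned by GET /1.0/certificates?recursion=1, for entries of type "server" that are not known cluster members or that still carry client-style restrictions, which is the shape a client certificate flipped through the update described in the Impact section would have. The JSON listing and fingerprints are constructed, the JSON field names and the type names "client", "server" and "metrics" are assumed from LXD's certificate API, and the allow-list of member fingerprints is something the operator maintains.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// certificate holds the trust-store fields this audit needs (JSON keys assumed from LXD's API).
type certificate struct {
	Name        string   `json:"name"`
	Type        string   `json:"type"`
	Restricted  bool     `json:"restricted"`
	Projects    []string `json:"projects"`
	Fingerprint string   `json:"fingerprint"`
}

// auditCertificates returns, sorted, fingerprints that look like an escalated client cert:
// type "server" but not a known member or still restricted/project-scoped, or an unknown type.
func auditCertificates(raw []byte, knownServers map[string]bool) ([]string, error) {
	var certs []certificate
	if err := json.Unmarshal(raw, &certs); err != nil {
		return nil, fmt.Errorf("decode certificate list: %w", err)
	}
	flagged := []string{}
	for _, c := range certs {
		switch c.Type {
		case "client", "metrics": // expected non-server types (names assumed from LXD's API)
		case "server":
			if !knownServers[c.Fingerprint] || c.Restricted || len(c.Projects) > 0 {
				flagged = append(flagged, c.Fingerprint)
			}
		default:
			flagged = append(flagged, c.Fingerprint)
		}
	}
	sort.Strings(flagged)
	return flagged, nil
}

// sampleTrustStore is a constructed listing: a cluster member, a restricted client, and a restricted client whose type was flipped to "server".
const sampleTrustStore = `[
 {"name":"node2","type":"server","restricted":false,"projects":[],"fingerprint":"aaaa1111"},
 {"name":"ci-bot","type":"client","restricted":true,"projects":["ci"],"fingerprint":"bbbb2222"},
 {"name":"ci-bot-flipped","type":"server","restricted":true,"projects":["ci"],"fingerprint":"cccc3333"}
]`

func main() {
	fmt.Println(auditCertificates([]byte(sampleTrustStore), map[string]bool{"aaaa1111": true}))
}
```

Run against a live cluster by piping the metadata array of GET /1.0/certificates?recursion=1 into auditCertificates and feeding it the fingerprints of your known members; any flagged entry should be checked against the daemon's request log for the PUT/PATCH that changed it.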

How to fix

Update LXD to version 6.8.0 or higher to mitigate the vulnerability. The update fixes the missing validation of the 'Type' field in PUT/PATCH requests to /1.0/certificates/{fingerprint}, preventing privilege escalation to cluster administrator.


Frequently asked questions

What is CVE-2026-34179 — Privilege Escalation in github.com/canonical/lxd?

LXD is an open-source container virtualization system.

Am I affected by CVE-2026-34179 in github.com/canonical/lxd?

It allows an attacker to gain full control of an LXD cluster.

How do I fix CVE-2026-34179 in github.com/canonical/lxd?

Upgrade to version 6.8.0 or higher as soon as possible.

Is CVE-2026-34179 being actively exploited?

Restrict access to the certificate API and regularly audit existing certificates.

Where can I find the official github.com/canonical/lxd advisory for CVE-2026-34179?

Consult the official LXD documentation and security advisories.
