Platform
go
Component
github.com/canonical/lxd
Fixed in
5.0.7
5.21.5
6.8.0
0.0.1
CVE-2026-34179 is a critical privilege escalation vulnerability in LXD, the Linux system container and virtual machine manager. An attacker holding a restricted TLS client certificate can escalate to cluster administrator by changing the certificate's type. The affected range of the Go module is listed as everything up to 0.0.0-20260226085519-736f34afb267; fixes are available in 5.0.7, 5.21.5 and 6.8.0.
CVE-2026-34179 in LXD lets a user with a restricted TLS certificate escalate to cluster admin by changing the certificate's type from 'client' to 'server' with a PUT or PATCH request to /1.0/certificates/{fingerprint}. The doCertificateUpdate function neither validates nor resets the 'Type' field of the request body, so the caller-supplied value is written to the database. On the next TLS authentication the modified certificate is matched as a server certificate and the request is assigned ProtocolCluster, which is trusted as a cluster member and therefore carries full admin privileges. The CVSS score is 9.1 (critical). A successful attack gives the attacker full control of the LXD cluster and of the containers and virtual machines it manages.
Exploitation requires a restricted TLS certificate that the LXD cluster already trusts and the ability to send PUT/PATCH requests to the certificates endpoint for that certificate. The attacker sets the type to 'server'; on subsequent connections the daemon treats the certificate as belonging to a cluster member rather than a restricted client, and every request is handled with cluster admin privileges. Complexity is low: a single API call that modifies an existing certificate suffices, with no race, memory corruption or secondary condition. Exposure is correspondingly broad in any deployment that hands restricted certificates to tenants or automation and leaves the certificate API reachable to them.
Exploit status
EPSS
0.11% (30th percentile)
CISA SSVC
CVSS vector
The fix is to upgrade to a patched release: 5.0.7, 5.21.5 or 6.8.0, depending on the branch in use. The patched doCertificateUpdate validates the 'Type' field and resets it on update, so a caller can no longer change a certificate's type through the API. Until the upgrade is applied, restrict who can reach the certificate API and audit the trust store for certificates whose type is 'server' but which do not belong to a cluster member. Review certificate access policies so that only administrators can create and modify TLS certificates. Upgrading is the only complete remedy and should be done as soon as possible.
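The flaw and its fix, modelled as an added Go example. This is not LXD's code: the struct, store and function names, the authentication model and the certificate bytes are this example's own assumptions; only the type names 'client'/'server' and the ProtocolCluster outcome come from the advisory. The vulnerable update copies the caller's Type into the stored record, the hardened update refuses to change it, and an audit helper lists server-type entries that are not known cluster members, which is the check the interim mitigation calls for.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
)

// Certificate types as the LXD API names them: "client" is a trusted
// (possibly restricted) client, "server" marks a cluster member.
const (
	TypeClient = "client"
	TypeServer = "server"
)

// Protocols assigned at TLS authentication time in this model; the
// cluster protocol carries unrestricted admin rights.
const (
	ProtocolTLS     = "tls"
	ProtocolCluster = "cluster"
)

// Certificate is this example's stand-in for a stored trust entry.
type Certificate struct {
	Fingerprint string
	Name        string
	Type        string
	Restricted  bool
}

// CertificatePut models the body of PUT/PATCH /1.0/certificates/{fingerprint}.
type CertificatePut struct {
	Name string
	Type string
}

// Store is the trust store keyed by SHA-256 fingerprint (hex).
type Store map[string]*Certificate

func fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// vulnerableUpdate copies every request field, Type included, into the
// stored record: the caller-supplied type persists to the database.
func vulnerableUpdate(store Store, fp string, req CertificatePut) error {
	cert, ok := store[fp]
	if !ok {
		return errors.New("certificate not found")
	}
	cert.Name = req.Name
	cert.Type = req.Type // caller now controls what authenticate() sees
	return nil
}

// hardenedUpdate never takes Type from the caller: an explicit attempt to
// change it is rejected and the existing value is carried over otherwise.
func hardenedUpdate(store Store, fp string, req CertificatePut) error {
	cert, ok := store[fp]
	if !ok {
		return errors.New("certificate not found")
	}
	if req.Type != "" && req.Type != cert.Type {
		return fmt.Errorf("certificate type is immutable (%q -> %q)", cert.Type, req.Type)
	}
	cert.Name = req.Name
	return nil
}

// authenticate models the TLS authentication decision: the presented
// certificate is looked up by fingerprint, and a server-type entry is
// treated as a cluster member, i.e. full admin with no restrictions.
func authenticate(store Store, presentedDER []byte) (protocol string, restricted bool, err error) {
	cert, ok := store[fingerprint(presentedDER)]
	if !ok {
		return "", false, errors.New("untrusted certificate")
	}
	if cert.Type == TypeServer {
		return ProtocolCluster, false, nil
	}
	return ProtocolTLS, cert.Restricted, nil
}

// auditServerCerts lists server-type entries whose fingerprint is not a
// known cluster member; a certificate flipped by this bug shows up here.
func auditServerCerts(store Store, members map[string]bool) []string {
	var suspicious []string
	for fp, c := range store {
		if c.Type == TypeServer && !members[fp] {
			suspicious = append(suspicious, fp)
		}
	}
	sort.Strings(suspicious)
	return suspicious
}

// newTrustStore holds one restricted client certificate built from
// constructed bytes (not a real DER certificate).
func newTrustStore(der []byte) Store {
	fp := fingerprint(der)
	return Store{fp: {Fingerprint: fp, Name: "tenant-a", Type: TypeClient, Restricted: true}}
}

func main() {
	der := []byte("constructed-client-cert-der")
	fp := fingerprint(der)
	members := map[string]bool{} // no cluster members in this demo

	store := newTrustStore(der)
	_ = vulnerableUpdate(store, fp, CertificatePut{Name: "tenant-a", Type: TypeServer})
	proto, _, _ := authenticate(store, der)
	fmt.Println("vulnerable:", proto, "suspicious:", auditServerCerts(store, members))

	store = newTrustStore(der)
	err := hardenedUpdate(store, fp, CertificatePut{Name: "tenant-a", Type: TypeServer})
	proto, restricted, _ := authenticate(store, der)
	fmt.Println("hardened:", err, proto, restricted)
}
```

The hardened variant rejects a type change rather than silently overwriting it, so an attempted flip surfaces as an API error and can be logged; the audit helper is the interim check to run against the real trust store until the upgrade is in place.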
Upgrade LXD to version 6.8.0 or later to mitigate the vulnerability. The update fixes the missing validation of the 'Type' field in PUT/PATCH requests to /1.0/certificates/{fingerprint}, preventing escalation to cluster administrator.
LXD is an open-source system container and virtual machine manager.
The vulnerability allows an attacker holding a restricted TLS certificate to gain full control of the LXD cluster.
Upgrade to a fixed release (5.0.7, 5.21.5 or 6.8.0) as soon as possible.
Restrict access to the certificate API and regularly audit existing certificates for unexpected 'server'-type entries.
Consult the official LXD documentation and security advisories.