Critical Privilege Escalation Vulnerabilities in Canonical LXD Discovered
Severity: High (Score: 72.6)
Sources: nvd.nist.gov, ccb.belgium.be
Summary
Three critical vulnerabilities (CVE-2026-34177, CVE-2026-34178, CVE-2026-34179) have been identified in Canonical LXD versions 4.12 through 6.7, allowing authenticated users to escalate privileges to cluster admin and host root. CVE-2026-34177 involves an incomplete denylist that lets attackers inject AppArmor rules and QEMU configurations, compromising the host. CVE-2026-34178 allows attackers to bypass project restrictions by manipulating configuration files during backup creation. CVE-2026-34179 enables a restricted TLS certificate user to gain admin privileges by altering their certificate type. The vulnerabilities impact availability, confidentiality, and integrity of systems using LXD. Organizations are urged to prioritize patching and enhance monitoring capabilities. The vulnerabilities were published on April 9, 2026, and pose a significant risk to affected systems. Immediate action is recommended to mitigate potential exploitation.
Key Points
- Three critical vulnerabilities in Canonical LXD allow privilege escalation to host root.
- CVE-2026-34177 enables attackers to inject malicious configurations via AppArmor and QEMU.
- Organizations must patch affected systems and enhance monitoring to prevent exploitation.
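For the monitoring recommendation, one way to watch for the kind of trust-store change described for CVE-2026-34179 is to diff two snapshots of the LXD certificate list and flag entries whose type, restriction or project scope changed. This is an added example, not code from Canonical or the advisory; the field names (fingerprint, name, type, restricted, projects) are assumed to follow LXD's certificate API objects, and both snapshots are constructed sample data.

```python
import json

# Constructed snapshots, shaped like LXD certificate objects (assumed field names).
BASELINE = json.loads("""[
 {"fingerprint": "aaaa1111", "name": "ci-runner", "type": "client", "restricted": true, "projects": ["ci"]},
 {"fingerprint": "bbbb2222", "name": "ops-admin", "type": "client", "restricted": false, "projects": []},
 {"fingerprint": "cccc3333", "name": "metrics", "type": "metrics", "restricted": true, "projects": ["ci"]}
]""")
CURRENT = json.loads("""[
 {"fingerprint": "aaaa1111", "name": "ci-runner", "type": "client", "restricted": false, "projects": ["ci"]},
 {"fingerprint": "bbbb2222", "name": "ops-admin", "type": "client", "restricted": false, "projects": []},
 {"fingerprint": "cccc3333", "name": "metrics", "type": "client", "restricted": true, "projects": ["ci", "prod"]},
 {"fingerprint": "dddd4444", "name": "unknown", "type": "client", "restricted": false, "projects": []}
]""")

def _by_fingerprint(certs):
    return {c["fingerprint"]: c for c in certs}

def trust_drift(baseline, current):
    """Return sorted (fingerprint, finding) pairs for privilege-relevant changes."""
    old, findings = _by_fingerprint(baseline), []
    for fp, cert in _by_fingerprint(current).items():
        prev = old.get(fp)
        restricted = cert.get("restricted", False)
        if prev is None:
            # A certificate that was never reviewed and carries no restriction.
            if not restricted:
                findings.append((fp, "new unrestricted certificate"))
            continue
        if prev.get("type") != cert.get("type"):
            findings.append((fp, f"type changed: {prev.get('type')} -> {cert.get('type')}"))
        if prev.get("restricted", False) and not restricted:
            findings.append((fp, "restriction removed"))
        # Project lists only limit access while the certificate stays restricted.
        added = sorted(set(cert.get("projects") or []) - set(prev.get("projects") or []))
        if added and restricted:
            findings.append((fp, "project scope widened: " + ",".join(added)))
    return sorted(findings)

if __name__ == "__main__":
    for fp, finding in trust_drift(BASELINE, CURRENT):
        print(f"ALERT {fp}: {finding}")
```

Each finding should be matched against an approved change record; one with no matching change is the signal to investigate.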
Key Entities
- Zero-day Exploit (attack_type)
- CVE-2026-34177 (cve)
- CVE-2026-34178 (cve)
- CVE-2026-34179 (cve)
- T1068 - Exploitation for Privilege Escalation (mitre_attack)
- AppArmor (platform)
- LXD (platform)
- QEMU (platform)