Back

Mageia 9 LXC CVE-2026-39402 Insufficient Validation Vulnerability

Severity: Medium (Score: 57.8)

Sources: Linuxsecurity

Published: 2026-06-04 · Updated: 2026-06-04

Keywords: cve-2026-39402, insufficient, validation, warning, array, mageia, description

Severity indicators: CVE:CVE-2026-39402, CVE:CVE-2026-39402, CVE:CVE-2026-39402

Summary

CVE-2026-39402, affecting Mageia 9's LXC component, allows insufficient ownership validation, enabling cross-tenant OVS port deletion. This vulnerability poses a significant risk as it could allow unauthorized users to manipulate network resources. The flaw was published on May 5, 2026, and affects systems running LXC version 5.0.3-1.1.mga9. Users are advised to apply patches to mitigate the risk. The advisory highlights the importance of validating user permissions in multi-tenant environments. Current status indicates that the vulnerability is known but may not yet be actively exploited. Organizations using Mageia 9 should prioritize updates to secure their systems. Key Points: • CVE-2026-39402 allows cross-tenant OVS port deletion due to insufficient validation. • The vulnerability affects Mageia 9 systems running LXC version 5.0.3-1.1.mga9. • Patches are available, and users are urged to update to mitigate risks.

Detailed Analysis

**Impact** The vulnerability affects Mageia 9 users running lxc version 5.0.3-1.1, specifically those utilizing lxc-user-nic configurations. It allows unauthorized cross-tenant deletion of Open vSwitch (OVS) ports, potentially disrupting network connectivity and operations in multi-tenant environments. No specific sectors, geographies, or data loss details are provided in the sources. **Technical Details** CVE-2026-39402 involves insufficient ownership validation in the lxc-user-nic component, enabling attackers to delete OVS ports belonging to other tenants. The vulnerability is present in lxc version 5.0.3-1.1 on Mageia 9. No malware, tools, or additional IOCs are mentioned. The attack vector is local privilege misuse within container network interfaces, impacting the network configuration stage of the kill chain. **Recommended Response** Apply the Mageia 9 security update for lxc version 5.0.3-1.1 immediately to remediate CVE-2026-39402. Monitor network configurations and OVS port status for unauthorized changes. Harden container network interface permissions and restrict user access to lxc-user-nic. No additional detection signatures or IOCs are provided in the sources.

Source articles (2)

  • Mageia 9 ceph Security Advisory Bug Fix for MGAA-2026 — Linuxsecurity · 2026-06-04
    - - - - Warning : Undefined array key "block" in /var/www/ on line 17 Warning : Undefined array key "block" in /var/www/ on line 21 Warning : foreach() argument must be of type array|object, null give…
  • Mageia 9 lxc CVE-2026-39402 Important Insufficient Validation 2026 — Linuxsecurity · 2026-06-04
    Description: CVE-2026-39402, lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion Description: CVE-2026-39402, lxc lxc-user-nic insufficient ownership validation al…

Timeline

  • 2026-05-05 — CVE-2026-39402 published: Mageia disclosed a vulnerability in LXC allowing cross-tenant OVS port deletion due to insufficient ownership validation.
  • 2026-06-04 — Mageia 9 LXC vulnerability advisory released: Mageia issued an advisory urging users to apply patches for CVE-2026-39402 to prevent unauthorized access.

CVEs

  • CVE-2026-39402

Related entities

  • CWE-862 - Missing Authorization (Cwe)
  • advisories.mageia.org (Domain)
  • Linux (Platform)
  • LXC (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed