Description

In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An authenticated remote attacker with instance-creation permission in a restricted project can craft a backup archive where backup.yaml carries restricted settings such as security.privileged=true or raw.lxc directives, bypassing all project restriction enforcement and allowing full host compromise.

INFO

Published Date :

2026-04-09T09:18:58.404Z

Last Modified :

2026-04-09T11:55:20.431Z

Source :

canonical
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34178 vulnerability.

Vendors Products
Canonical
  • Lxd
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34178.

URL Resource
https://github.com/canonical/lxd/pull/17921 cve-icon cve-icon
https://github.com/canonical/lxd/security/advisories/GHSA-q96j-3fmm-7fv4 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact