CVE-2026-34178

Canonical · LXD

A backup import validation flaw in Canonical LXD allows authenticated remote attackers to bypass project restrictions and achieve full host compromise.

Executive summary

An authentication bypass vulnerability in the Canonical LXD backup import process allows an attacker to execute arbitrary configurations, leading to full host compromise.

Vulnerability

The vulnerability exists because the backup import process validates restrictions against the wrong file. An authenticated remote attacker with instance-creation permissions can craft a malicious archive to force privileged execution, bypassing security constraints.

Business impact

The CVSS score of 9.1 highlights the critical nature of this flaw. By bypassing project restrictions, an attacker can gain full control over the host system, creating significant risk for data confidentiality, integrity, and availability within the affected LXD environment.

Remediation

Immediate Action: Update all instances of Canonical LXD to version 6.8 or later to ensure backup integrity validation is enforced correctly.

Proactive Monitoring: Review logs for suspicious instance creation events or backup imports originating from untrusted or low-privilege users.

Compensating Controls: Implement strict Access Control Lists (ACLs) for users permitted to perform instance creation or backup restoration tasks.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Administrators should treat this as a high-priority update. The ability for a restricted user to gain full host access via a simple backup import makes this a critical path for remediation to prevent catastrophic system failure.