CVE-2026-34179
Canonical · LXD
Canonical LXD versions 4.12 through 6.7 contain a privilege escalation vulnerability where restricted TLS certificate users can elevate to cluster admin.
Executive summary
A critical privilege escalation vulnerability in Canonical LXD allows an authenticated user holding only a restricted TLS client certificate to gain cluster admin privileges over the whole LXD cluster.
Vulnerability
The doCertificateUpdate function does not validate the Type field of the request body on PUT and PATCH requests to /1.0/certificates/{fingerprint}. Because the field is accepted unchecked, a remote attacker who authenticates with a restricted TLS client certificate can submit a certificate update that should have been refused and escalate to cluster admin.
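The following Python is an added illustration of the class of defect described above; it is not LXD's Go source and not Canonical's code. The field names type, restricted and projects and the certificate types "client" and "metrics" are LXD's real trust-store vocabulary, but the caller model (an unrestricted client certificate counts as admin), the allowlist of fields a non-admin may edit, and both handler bodies are assumptions made for the example. The page does not say how a changed Type becomes cluster-admin rights, and the model does not claim to either: it stops at the point where the unvalidated field reaches the stored certificate. The contrast shown is the general one between a denylist of guarded fields, which silently lets a forgotten field through, and an allowlist of editable fields plus value validation, which fails closed.

```python
"""Model of the unvalidated Type field behind CVE-2026-34179.

Added example in Python, not LXD's Go code. The field names (type, restricted,
projects) are LXD's real certificate fields and "client"/"metrics" are its real
certificate types; the handler logic, the caller model and the field allowlist
are assumptions made to illustrate the class of defect, and nothing here shows
how LXD itself turns a changed Type into cluster-admin rights.
"""
from dataclasses import dataclass, fields, replace

ALLOWED_TYPES = {"client", "metrics"}
NON_ADMIN_EDITABLE = {"name", "certificate"}   # assumed: fields a self-edit may touch


@dataclass(frozen=True)
class Certificate:
    fingerprint: str
    type: str = "client"
    restricted: bool = True
    projects: tuple = ()
    name: str = ""
    certificate: str = ""

    def is_admin(self) -> bool:
        # Model: an unrestricted client certificate is a cluster admin.
        return self.type == "client" and not self.restricted


KNOWN_FIELDS = {f.name for f in fields(Certificate)}


class Forbidden(Exception):
    pass


class BadRequest(Exception):
    pass


def _normalise(req: dict) -> dict:
    """Reject unknown keys and turn JSON arrays into tuples for comparison."""
    unknown = set(req) - KNOWN_FIELDS
    if unknown:
        raise BadRequest(f"unknown fields {sorted(unknown)}")
    req = dict(req)
    if "projects" in req:
        req["projects"] = tuple(req["projects"])
    return req


def update_certificate_vulnerable(caller: Certificate, target: Certificate, req: dict) -> Certificate:
    """Denylist-style check modelled on the flaw: restricted and projects are
    guarded one by one, type is forgotten, so a restricted caller can change it."""
    req = _normalise(req)
    if not caller.is_admin():
        if caller.fingerprint != target.fingerprint:
            raise Forbidden("non-admins may only edit their own certificate")
        if req.get("restricted", target.restricted) != target.restricted:
            raise Forbidden("restricted flag cannot be changed")
        if req.get("projects", target.projects) != target.projects:
            raise Forbidden("project list cannot be changed")
        # No check on req.get("type"): the modelled defect.
    return replace(target, **req)


def update_certificate_hardened(caller: Certificate, target: Certificate, req: dict) -> Certificate:
    """Allowlist-style check: validate the type value for every caller, and let a
    non-admin change only non-privilege fields of its own certificate."""
    req = _normalise(req)
    if "type" in req and req["type"] not in ALLOWED_TYPES:
        raise BadRequest(f"unknown certificate type {req['type']!r}")
    if not caller.is_admin():
        if caller.fingerprint != target.fingerprint:
            raise Forbidden("non-admins may only edit their own certificate")
        # Compare with the stored value: a full PUT echoes every current field and
        # must still succeed, while any real change outside the allowlist is refused.
        changed = {k for k, v in req.items() if v != getattr(target, k)}
        blocked = changed - NON_ADMIN_EDITABLE
        if blocked:
            raise Forbidden(f"non-admins may not change {sorted(blocked)}")
    return replace(target, **req)


def outcome(handler, caller: Certificate, target: Certificate, req: dict) -> str:
    """Run a handler and summarise the result as a short string."""
    try:
        new = handler(caller, target, req)
    except Forbidden:
        return "forbidden"
    except BadRequest:
        return "bad-request"
    return f"applied type={new.type} restricted={new.restricted} projects={list(new.projects)}"


if __name__ == "__main__":
    restricted_user = Certificate(fingerprint="ab" * 32, restricted=True, projects=("dev",))
    patch = {"type": "metrics"}          # a PATCH body touching only the unguarded field
    for handler in (update_certificate_vulnerable, update_certificate_hardened):
        print(handler.__name__, "->", outcome(handler, restricted_user, restricted_user, patch))
```

Running the block shows the vulnerable model applying the restricted user's type change and the hardened model refusing it. The hardened variant compares each submitted field with the stored value rather than rejecting its mere presence, because a full PUT legitimately echoes the current type, restricted and projects values; only an actual change outside the allowlist is refused, and an unknown type value is refused for every caller, admin included.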
Business impact
With a CVSS score of 9.1 (Critical), this vulnerability lets an attacker who was only granted a project-scoped restricted certificate take control of the whole LXD cluster. That includes access to every container and virtual machine in every project, theft of the data they hold, and the ability to deploy malicious workloads across all cluster members.
Remediation
Immediate Action: Update LXD to a version that contains the fix for this privilege escalation vulnerability. Check the running version on every host with lxd --version (or snap list lxd for snap installs); the affected range 4.12 through 6.7 covers the 5.0 and 5.21 LTS series as well as the monthly feature releases, so no deployment should be assumed safe on the basis of its track alone.
Proactive Monitoring: Watch the API request log for PUT and PATCH requests to /1.0/certificates/{fingerprint} issued by non-admin certificates, subscribe to certificate-updated lifecycle events (lxc monitor --type=lifecycle), and periodically compare lxc config trust list against the expected set of unrestricted (admin) certificates so that an unexpected elevation is caught even if the request itself was missed.
Compensating Controls: Expose the LXD API only on a management network (core.https_address) rather than on all interfaces, restrict that network with firewall or network-level controls so that only trusted, authorized clients can reach cluster management traffic, and prune the trust store by removing restricted certificates that are no longer needed (lxc config trust remove <fingerprint>), which reduces the number of identities able to reach the vulnerable endpoint.
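The Python below is an added triage helper for the Immediate Action and Proactive Monitoring items above; it is not Canonical tooling. is_affected applies the advisory's 4.12 through 6.7 range numerically, which matters because a string comparison would wrongly place 6.10 before 6.7 and 4.2 after 4.12; since the advisory names no fixed version, only the range is checked. find_certificate_updates scans request-log records for PUT/PATCH requests to an individual certificate entry and rates any write by a caller outside a known-admin set as high, because the advisory says a restricted certificate editing even its own entry can escalate. The JSON record layout (time, method, url, ip, protocol, username) and the sample lines are constructed for the example and are assumptions rather than LXD's actual log schema, as is the assumption that a TLS caller's username is its certificate fingerprint.

```python
"""Triage helpers for CVE-2026-34179: version-range check and request-log scan.

Added example, not Canonical tooling. is_affected() applies the advisory's
4.12 through 6.7 range; find_certificate_updates() flags PUT/PATCH requests to
/1.0/certificates/{fingerprint}. The JSON request-record layout used below
(time, method, url, ip, protocol, username) is constructed for this example
and is an assumption, not LXD's actual log schema, as is the assumption that a
TLS caller's username is its certificate fingerprint.
"""
import json
import re
from typing import Dict, Iterable, List, Set

AFFECTED_MIN = (4, 12)   # from the advisory
AFFECTED_MAX = (6, 7)    # the advisory names no fixed version, so only the range is checked

_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")
# One certificate entry: /1.0/certificates/<hex fingerprint>, optional trailing slash or query.
_CERT_PATH = re.compile(r"^/1\.0/certificates/([0-9a-fA-F]{8,64})/?(?:\?.*)?$")


def parse_version(text: str) -> tuple:
    """'5.21.3' -> (5, 21, 3). Tolerates a 'lxd ' prefix or a snap suffix such as '6.7+git'."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(x) for x in m.groups() if x is not None)


def is_affected(text: str) -> bool:
    """True when major.minor falls inside 4.12..6.7 (numeric tuples, so 6.10 is not below 6.7)."""
    return AFFECTED_MIN <= parse_version(text)[:2] <= AFFECTED_MAX


def find_certificate_updates(lines: Iterable[str], admin_fingerprints: Set[str] = frozenset()) -> List[Dict]:
    """Return one finding per write request to a single certificate entry.

    Severity is 'high' when the caller is not a known admin fingerprint (the
    advisory says a restricted certificate editing even its own entry can
    escalate) and 'info' for expected admin changes. Non-JSON lines are skipped.
    """
    admins = {f.lower() for f in admin_fingerprints}
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("method") not in ("PUT", "PATCH"):
            continue
        m = _CERT_PATH.match(str(rec.get("url", "")))
        if not m:
            continue
        caller = str(rec.get("username", "")).lower()
        target = m.group(1).lower()
        findings.append({
            "severity": "info" if caller in admins else "high",
            "time": rec.get("time"),
            "method": rec["method"],
            "caller": caller,
            "target": target,
            "self_edit": caller == target,
            "ip": rec.get("ip"),
        })
    return findings


# Constructed sample log: one admin fingerprint ("cd"*8) and one restricted fingerprint ("ab"*8).
SAMPLE_LOG = "\n".join([
    '{"time":"2026-03-02T10:14:05Z","method":"GET","url":"/1.0/instances","ip":"10.0.0.5:51234","protocol":"tls","username":"' + "ab" * 8 + '"}',
    '{"time":"2026-03-02T10:14:09Z","method":"PATCH","url":"/1.0/certificates/' + "ab" * 8 + '","ip":"10.0.0.5:51240","protocol":"tls","username":"' + "ab" * 8 + '"}',
    '{"time":"2026-03-02T10:20:41Z","method":"PUT","url":"/1.0/certificates/' + "ab" * 8 + '","ip":"10.0.0.2:40112","protocol":"tls","username":"' + "cd" * 8 + '"}',
    '{"time":"2026-03-02T10:21:00Z","method":"POST","url":"/1.0/certificates","ip":"10.0.0.2:40113","protocol":"tls","username":"' + "cd" * 8 + '"}',
    "not a json line",
])


if __name__ == "__main__":
    for v in ("4.11", "4.12", "5.21.3", "6.7", "6.10"):
        print(v, "affected" if is_affected(v) else "not in range")
    for f in find_certificate_updates(SAMPLE_LOG.splitlines(), {"cd" * 8}):
        print(f["severity"], f["time"], f["method"], f["caller"][:8], "->", f["target"][:8],
              "self-edit" if f["self_edit"] else "other")
```

In use, feed find_certificate_updates the real request records after mapping them onto the fields above, and seed admin_fingerprints from the unrestricted entries in lxc config trust list. The POST that creates a certificate is deliberately not flagged: the advisory concerns updates to an existing entry, and creation is already an admin-only operation to audit separately.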
Exploitation status
Public Exploit Available: No
Analyst recommendation
Privilege escalation within container and virtual machine management platforms is a high-priority risk, because a restricted certificate is exactly the credential most often handed to tenants, CI systems and less trusted operators. Administrators must update their LXD installations immediately, and until then should audit the trust store, so that restricted users cannot elevate their privileges and compromise the entire cluster.