CVE-2026-9640

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.2 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment can bypass policy restrictions by importing a maliciously crafted instance backup containing restricted configuration keys within a snapshot. When the snapshot is restored, these restricted keys are applied to the live instance without policy validation. Starting the modified instance grants the operator unauthorized host root access.

Vulnerability Details

Published Date

June 26, 2026

Last Modified

June 26, 2026

CWE ID

CWE-863

Source

NVD

External References

https://github.com/canonical/lxd/pull/18301
https://github.com/canonical/lxd/pull/18303
https://github.com/canonical/lxd/pull/18304
https://github.com/canonical/lxd/security/advisories/GHSA-ppq7-4492-5552
https://github.com/canonical/lxd/security/advisories/GHSA-ppq7-4492-5552

CVE-2026-9640

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment