Canonical Lxd
Recent Canonical Lxd Security Advisories
| Advisory | Title | Published |
|---|---|---|
| USN-6738-1 | USN-6738-1: LXD vulnerability | April 22, 2024 |
By the Year
In 2026 there have been 2 vulnerabilities in Canonical Lxd. Last year, in 2025, Lxd had 8 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Lxd in 2026 could surpass last year's number.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 0.00 |
| 2025 | 8 | 0.00 |
| 2024 | 1 | 0.00 |
| 2023 | 1 | 6.40 |
It may take a day or so for new Lxd vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Canonical Lxd Security Vulnerabilities
LXD 4.12-6.6 Improper sanitization of compression_algorithm allows exec
CVE-2026-28384 (published March 12, 2026)
An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the snap versions 5.0.6-e49d9f4 (channel 5.0/stable), 5.21.4-1374f39 (channel 5.21/stable), and 6.7-1f11451 (channel 6.0/stable). The channel 4.0/stable is not affected as it contains version 4.0.10.
Shell injection
LXD 6.6 ImpAuth: Enumerate Cert FP via GET /1.0/certificates
CVE-2026-3351 (published March 03, 2026)
Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.
AuthZ
Canonical LXD 5.0 LTS Log Retrieval Path Traversal
CVE-2025-54293 (published October 02, 2025)
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.
Directory traversal
Path Traversal in Canonical LXD-UI <6.5 / <5.21.4 (auth)
CVE-2025-54292 (published October 02, 2025)
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.
Directory traversal
Info Disclosure: LXD Images API (6.5/5.21.4) Unauth Project Disclosure
CVE-2025-54291 (published October 02, 2025)
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.
Generation of Error Message Containing Sensitive Information
Info Disclosure in Canonical LXD Image Export API (pre-6.5/5.21.4)
CVE-2025-54290 (published October 02, 2025)
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
Information Disclosure
LXD 6.5 Priv Esc via Ops API WS Hijack
CVE-2025-54289 (published October 02, 2025)
Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows an attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking.
CWE-1385
Information Spoofing in Canonical LXD 4.0+ via devLXD Server
CVE-2025-54288 (published October 02, 2025)
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.
Authentication Bypass by Spoofing
Template Injection in Canonical LXD 4.0+ Snapshot via Pongo2
CVE-2025-54287 (published October 02, 2025)
Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.
CWE-1336
CSRF in LXD-UI (5.0) Allows Unauthed Container Creation
CVE-2025-54286 (published October 02, 2025)
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
Session Riding
UEFI Shell Enabled in LXD EDK2 Bypasses Secure Boot
CVE-2023-49721 (published February 14, 2024)
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.
PrivEsc via LXD Group Bypass on Ubuntu Server
CVE-2023-5536 (score 6.4, Medium; published December 12, 2023)
A feature in LXD (LP#1829071) affects the default configuration of Ubuntu Server, which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
Incorrect Default Permissions