Description
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An authenticated remote attacker with instance-creation permission in a restricted project can craft a backup archive where backup.yaml carries restricted settings such as security.privileged=true or raw.lxc directives, bypassing all project restriction enforcement and allowing full host compromise.
Published: 2026-04-09
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution and Host Compromise via Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

A flaw in Canonical LXD versions before 6.8 allows a backup import to be crafted so that project restrictions are validated only against the backup/index.yaml file in the archive, while the instance itself is created from backup/container/backup.yaml, a separate file that is never subject to the same checks. An authenticated remote attacker with permission to create instances in a restricted project can therefore inject privileged settings such as security.privileged=true or raw.lxc directives, bypassing all project restrictions and enabling full control over the host.

Affected Systems

The vulnerability affects Canonical LXD installations prior to version 6.8. Any deployment running a 6.7 or earlier LXD instance that accepts backup imports from potentially untrusted sources is at risk.

Risk and Exploitability

The flaw carries a CVSS score of 9.1, indicating critical severity. Although no EPSS score is available, the attack is feasible for attackers who have valid instance-creation permissions within a restricted project; they can craft a malicious backup archive and trigger the import. The vulnerability is not listed in the CISA KEV catalog, but the potential for complete host compromise makes the risk high regardless of exploit campaign activity.

Generated by OpenCVE AI on April 9, 2026 at 10:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Canonical LXD to version 6.8 or newer to apply the vendor fix.
  • If an upgrade cannot be performed immediately, restrict or disable backup import functionality for untrusted sources.
  • Verify that backup archives are signed or originate from trusted administrators before import.
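The weakness described above is a validate-one-file, use-another-file mismatch: project restrictions are checked against backup/index.yaml, but the instance is built from backup/container/backup.yaml. Until an upgrade is possible, an operator can gate imports from untrusted sources with a scanner that refuses any archive in which any YAML member sets security.privileged to a true value or any raw.* key, no matter which file declares it. The code below is an added example for this page; it is not LXD's or OpenCVE's code. It assumes only that the archive is a tar readable by Python's tarfile module; the two member paths in the constructed sample come from the advisory description, and widening the check from raw.lxc to every raw.* key is an assumption made here for conservatism.

```python
import io
import re
import tarfile

# A line of the form "<key>: <value>" where <key> is one of the settings a
# restricted project must not set. security.privileged and raw.lxc are named
# in the advisory; matching every raw.* key is an assumption (conservative).
RESTRICTED_KEY = re.compile(
    r"^\s*(security\.privileged|raw\.[A-Za-z0-9_.-]+)\s*:\s*(.*?)\s*$"
)
TRUE_VALUES = {"true", "1", "yes", "on"}


def find_restricted_settings(archive_bytes):
    """Return [(member, key, value), ...] for every YAML member in the tar that
    sets a restricted key. Every .yaml/.yml member is scanned, so it does not
    matter whether the setting lives in index.yaml or backup.yaml."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or not member.name.endswith((".yaml", ".yml")):
                continue
            text = tar.extractfile(member).read().decode("utf-8", errors="replace")
            for line in text.splitlines():
                match = RESTRICTED_KEY.match(line)
                if not match:
                    continue
                key, value = match.group(1), match.group(2)
                # security.privileged explicitly set to a false value is harmless;
                # any raw.* key is rejected outright, including block-scalar values.
                if key == "security.privileged" and value.strip("\"'").lower() not in TRUE_VALUES:
                    continue
                hits.append((member.name, key, value))
    return hits


def is_safe_to_import(archive_bytes):
    """Gate decision: only an archive with no restricted settings anywhere passes."""
    return not find_restricted_settings(archive_bytes)


def build_sample_archive(index_yaml, backup_yaml):
    """Constructed sample only: build an in-memory tar with the two member paths
    named in the advisory, so the scanner can be exercised offline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, text in (
            ("backup/index.yaml", index_yaml),
            ("backup/container/backup.yaml", backup_yaml),
        ):
            payload = text.encode("utf-8")
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed sample: an index.yaml that looks unprivileged ...
SAMPLE_INDEX = "name: web1\nbackend: dir\npool: default\nprivileged: false\n"
# ... paired with a backup.yaml that carries the restricted settings.
SAMPLE_BACKUP_CRAFTED = (
    "container:\n"
    "  name: web1\n"
    "  config:\n"
    '    security.privileged: "true"\n'
    '    raw.lxc: "# constructed placeholder directive"\n'
)
# Constructed benign counterpart: the same layout with no restricted settings.
SAMPLE_BACKUP_BENIGN = (
    "container:\n"
    "  name: web1\n"
    "  config:\n"
    '    security.privileged: "false"\n'
)

if __name__ == "__main__":
    crafted = build_sample_archive(SAMPLE_INDEX, SAMPLE_BACKUP_CRAFTED)
    for member, key, value in find_restricted_settings(crafted):
        print(f"REJECT {member}: {key} = {value}")
    benign = build_sample_archive(SAMPLE_INDEX, SAMPLE_BACKUP_BENIGN)
    print("benign archive safe:", is_safe_to_import(benign))
```

The scan is deliberately line-based rather than a full YAML parse: a gate that errs toward rejecting an archive is the right trade-off here, since a false positive only delays an import, while relying on the declared structure of one file is exactly the mistake the vulnerable code path made.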


Tracking


Advisories
Source        ID                    Title
Debian DSA    DSA-6212-1            incus security update
Debian DSA    DSA-6213-1            lxd security update
GitHub GHSA   GHSA-q96j-3fmm-7fv4   LXD: Importing a crafted backup leads to project restriction bypass
History

Wed, 22 Apr 2026 21:00:00 +0000

Type    Values Added
CPEs    cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*

Fri, 10 Apr 2026 09:00:00 +0000

Type                  Values Added
First Time appeared   Canonical; Canonical lxd
Vendors & Products    Canonical; Canonical lxd

Thu, 09 Apr 2026 12:15:00 +0000

Type      Values Added
Metrics   ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 09 Apr 2026 09:30:00 +0000

Type          Values Added
Description   In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An authenticated remote attacker with instance-creation permission in a restricted project can craft a backup archive where backup.yaml carries restricted settings such as security.privileged=true or raw.lxc directives, bypassing all project restriction enforcement and allowing full host compromise.
Title         Importing a crafted backup leads to project restriction bypass
Weaknesses    CWE-20
References
Metrics       cvssV3_1: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-04-09T11:55:20.431Z

Reserved: 2026-03-26T09:24:08.449Z

Link: CVE-2026-34178

Vulnrichment

Updated: 2026-04-09T11:54:48.483Z

NVD

Status: Analyzed

Published: 2026-04-09T10:16:21.820

Modified: 2026-04-22T20:55:16.703

Link: CVE-2026-34178

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:33:02Z

Weaknesses