CVE-2026-34179
CVE-2026-34179
9.1
CriticalPublished:
Last updated:
Source:security@ubuntu.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- High
- User Interaction
- None
- Scope
- Changed
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin.
References
security@ubuntu.com
https://github.com/canonical/lxd/pull/17936security@ubuntu.com
https://github.com/canonical/lxd/security/advisories/GHSA-c3h3-89qf-jqm5134c704f-9b21-4f2e-91b3-4a467353bcc0
https://github.com/canonical/lxd/security/advisories/GHSA-c3h3-89qf-jqm5