LXD — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in LXD, with AI-generated Chinese analysis, references, and POCs.

Vendor: Ubuntu

CVE ID	Title	CVSS	Severity	Published
CVE-2026-34179	Update of type field in restricted TLS certificate allows privilege escalation to cluster admin CWE-915	9.1	Critical	2026-04-09
CVE-2026-34178	Importing a crafted backup leads to project restriction bypass CWE-20	9.1	Critical	2026-04-09
CVE-2026-34177	VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf CWE-184	9.1	Critical	2026-04-09
CVE-2026-28384	Authenticated RCE via unsanitized compression_algorithm CWE-78	8.8^AI	High^AI	2026-03-12
CVE-2026-3351	Authorization Bypass in LXD GET /1.0/certificates Endpoint CWE-862	4.3^AI	Medium^AI	2026-03-03
CVE-2025-54293	Path Traversal in LXD Instance Log File Retrieval CWE-22	6.5^AI	Medium^AI	2025-10-02
CVE-2025-54292	Client-Side Path Traversal in LXD-UI CWE-22	8.1^AI	High^AI	2025-10-02
CVE-2025-54291	Project existence disclosure in LXD images API CWE-209	5.3^AI	Medium^AI	2025-10-02
CVE-2025-54290	Project Existence Disclosure via Error Handling in LXD Image Export CWE-200	5.3^AI	Medium^AI	2025-10-02
CVE-2025-54289	Privilege Escalation via WebSocket Connection Hijacking in LXD Operations API CWE-1385	8.8^AI	High^AI	2025-10-02
CVE-2025-54288	Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server CWE-290	5.1^AI	Medium^AI	2025-10-02
CVE-2025-54287	Arbitrary File Read via Template Injection in Snapshot Patterns CWE-1336	6.5^AI	Medium^AI	2025-10-02
CVE-2025-54286	CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI CWE-352	8.8^AI	High^AI	2025-10-02
CVE-2024-6219	LXD 安全漏洞	3.8	Low	2024-12-05
CVE-2024-6156	LXD 安全漏洞	3.8	Low	2024-12-05
CVE-2023-49721	EDK2 安全漏洞	6.7	Medium	2024-02-14
CVE-2015-1340	chmod race in doUidshiftIntoContainer	8.1	-	2019-04-22

All 17 known CVE vulnerabilities affecting LXD with full Chinese analysis, references, and POCs where available.