CVE-2026-12411

Summary

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.

Affected Software

VendorProductVersion RangeStatus
Canonicallxd6.6 < 6.9affected

Weaknesses

  • CWE-639: CWE-639 Authorization bypass through User-Controlled key
  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References