CVE-2026-34179

Summary

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin.

Affected Software

VendorProductVersion RangeStatus
Canonicallxd4.12.0 < 5.0.7affected
Canonicallxd5.1.0 < 5.21.5affected
Canonicallxd6.0.0 < 6.8.0affected

Weaknesses

  • CWE-915: CWE-915 Improperly controlled modification of Dynamically-Determined object attributes

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References