Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.

Project Subscriptions

Vendors Products
Canonical Subscribe
Advisories

No advisories yet.

Fixes

Solution

Upgrade to LXD version 6.9 or later.


Workaround

No workaround given by the vendor.

History

Sat, 27 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
First Time appeared Canonical
Canonical lxd
Vendors & Products Canonical
Canonical lxd

Fri, 26 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Description Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
Title Broken Access Control in Canonical LXD DevLXD API
Weaknesses CWE-639
CWE-862
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-06-26T16:02:55.284Z

Reserved: 2026-06-16T15:07:27.771Z

Link: CVE-2026-12411

cve-icon Vulnrichment

Updated: 2026-06-26T16:02:51.096Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T00:30:04Z

Weaknesses