Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
Advisories
No advisories yet.
Fixes
Solution
Upgrade to LXD version 6.9 or later.
Workaround
No workaround given by the vendor.
References
History
Sat, 27 Jun 2026 00:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Canonical, Canonical lxd | |
| Vendors & Products | Canonical, Canonical lxd | |

Fri, 26 Jun 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | ssvc | |

Fri, 26 Jun 2026 16:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled. | |
| Title | Broken Access Control in Canonical LXD DevLXD API | |
| Weaknesses | CWE-639 CWE-862 | |
| References | | |
| Metrics | cvssV3_1 | |

Status: PUBLISHED
Assigner: canonical
Published:
Updated: 2026-06-26T16:02:55.284Z
Reserved: 2026-06-16T15:07:27.771Z
Link: CVE-2026-12411
Updated: 2026-06-26T16:02:51.096Z
OpenCVE Enrichment
Updated: 2026-06-27T00:30:04Z