A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment can bypass policy restrictions by importing a maliciously crafted instance backup containing restricted configuration keys within a snapshot. When the snapshot is restored, these restricted keys are applied to the live instance without policy validation. Starting the modified instance grants the operator unauthorized host root access.

Project Subscriptions

Vendors Products
Canonical Subscribe
Advisories
Source ID Title
Debian DSA Debian DSA DSA-6373-1 lxd security update
Fixes

Solution

Upgrade to LXD version 6.9 or later, 5.21.5 or later, or 5.0.7 or later.


Workaround

No workaround given by the vendor.

History

Fri, 26 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Canonical
Canonical lxd
Vendors & Products Canonical
Canonical lxd

Fri, 26 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Description A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment can bypass policy restrictions by importing a maliciously crafted instance backup containing restricted configuration keys within a snapshot. When the snapshot is restored, these restricted keys are applied to the live instance without policy validation. Starting the modified instance grants the operator unauthorized host root access.
Title LXD Snapshot Import Privilege Escalation Vulnerability
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-06-30T03:55:24.628Z

Reserved: 2026-05-26T18:31:24.593Z

Link: CVE-2026-9640

cve-icon Vulnrichment

Updated: 2026-06-26T16:00:17.949Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T23:30:05Z

Weaknesses