Zero Day MonitorZDM

← Back to list

9.1

CVE-2026-34179PATCHED

canonical · lxd

Update of type field in restricted TLS certificate allows privilege escalation to cluster admin

Description

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin.

Affected Products

Vendor	Product	Versions
canonical	lxd	4.12.0, 5.1.0, 6.0.0

References

https://github.com/canonical/lxd/security/advisories/GHSA-c3h3-89qf-jqm5(vdb-entry, vendor-advisory)
https://github.com/canonical/lxd/pull/17936(patch, issue-tracking)

Related News (1 articles)

Tier C

VulDB25d ago

CVE-2026-34179 | Canonical LXD up to 5.0.6/5.21.4/6.7.x TLS Certificate lxd/certificates.go doCertificateUpdate Type dynamically-determined object attributes

→ No new info (linked only)

CVSS 3.19.1 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

5.0.75.21.56.8.0

CWECWE-915

PublishedApr 9, 2026

Last enriched25d agov2

Trending Score3

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-23268

apparmor: fix unprivileged local user can do privileged policy management

Linux kernel vulnerabilities in Ubuntu 20.04 LTS and 24.04 LTS

CRITICALCVE-2026-6369

Exposed Session Token in canonical-livepatch client snap

CRITICALCVE-2026-34178

Importing a crafted backup leads to project restriction bypass

HIGHCVE-2026-23269

apparmor: validate DFA start states are in bounds in unpack_pdb

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 9, 2026

Discovered by ZDM

Apr 9, 2026

Updated: affectedVersions

Apr 9, 2026

Patch Available

Apr 9, 2026

Version History

v2

Last enriched 25d ago

v2Tier C25d ago

Updated affected versions to include 5.0.6, 5.21.4, and 6.7, and corrected exploit availability and active exploitation status.

affectedVersions

via VulDB

v125d ago

Initial creation