CVE-2026-34178

NameCVE-2026-34178
DescriptionIn Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An authenticated remote attacker with instance-creation permission in a restricted project can craft a backup archive where backup.yaml carries restricted settings such as security.privileged=true or raw.lxc directives, bypassing all project restriction enforcement and allowing full host compromise.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-6212-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
incus (PTS)trixie6.0.4-2+deb13u4vulnerable
trixie (security)6.0.4-2+deb13u6fixed
forky, sid6.0.6-3fixed
lxd (PTS)bookworm5.0.2-5+deb12u2vulnerable
bookworm (security)5.0.2-5+deb12u5vulnerable
trixie5.0.2+git20231211.1364ae4-9+deb13u3vulnerable
trixie (security)5.0.2+git20231211.1364ae4-9+deb13u5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
incussourcetrixie6.0.4-2+deb13u6DSA-6212-1
incussource(unstable)6.0.6-3
lxdsourcetrixie5.0.2+git20231211.1364ae4-9+deb13u5
lxdsource(unstable)(unfixed)

Notes

https://github.com/canonical/lxd/security/advisories/GHSA-q96j-3fmm-7fv4
https://github.com/canonical/lxd/pull/17921
https://github.com/lxc/incus/pull/3088
Search for package or bug name: Reporting problems