| Bug | Description |
|---|
| CVE-2026-34179 | In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate fu ... |
| CVE-2026-34178 | In Canonical LXD before 6.8, the backup import path validates project ... |
| CVE-2026-34177 | Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist ... |
| CVE-2026-33945 | Incus is a system container and virtual machine manager. Incus instanc ... |
| CVE-2026-33897 | Incus is a system container and virtual machine manager. Prior to vers ... |
| CVE-2026-33743 | Incus is a system container and virtual machine manager. Prior to vers ... |
| CVE-2026-33542 | Incus is a system container and virtual machine manager. Prior to vers ... |
| CVE-2026-28384 | An improper sanitization of the compression_algorithm parameter in Can ... |
| CVE-2026-23954 | Incus is a system container and virtual machine manager. Versions 6.21 ... |
| CVE-2026-23953 | Incus is a system container and virtual machine manager. In versions 6 ... |
| CVE-2026-3351 | Improper authorization in the API endpoint GET /1.0/certificates in Ca ... |
| CVE-2025-64507 | Incus is a system container and virtual machine manager. An issue in v ... |
| CVE-2025-54293 | Path Traversal in the log file retrieval function in Canonical LXD 5.0 ... |
| CVE-2025-54291 | Information disclosure in images API in Canonical LXD before 6.5 and 5 ... |
| CVE-2025-54290 | Information disclosure in image export API in Canonical LXD before 6.5 ... |
| CVE-2025-54289 | Privilege Escalation in operations API in Canonical LXD <6.5 on multip ... |
| CVE-2025-54288 | Information Spoofing in devLXD Server in Canonical LXD versions 4.0 an ... |
| CVE-2025-54287 | Template Injection in instance snapshot creation component in Canonica ... |
| CVE-2025-54286 | Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions ... |
| CVE-2025-52890 | Incus is a system container and virtual machine manager. When using an ... |
| CVE-2025-52889 | Incus is a system container and virtual machine manager. When using an ... |
| CVE-2024-6219 | Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a ... |
| CVE-2024-6156 | Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could ... |
| CVE-2023-49721 | An insecure default to allow UEFI Shell in EDK2 was left enabled in LX ... |