CVE-2026-34179

Received

Published: 09 Apr 2026, 09:22

Last modified:09 Apr 2026, 11:54

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.1 CRITICAL

v3.1 (cve.org)

EPSS Score

0.09% LOW

0% probability

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

09 Apr 2026, 09:22

Published

Vulnerability first disclosed

09 Apr 2026, 11:54

Last Modified

Vulnerability information updated

Description

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin.

CVSS Metrics

v3.1•CRITICAL•Score: 9.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.09%• Percentile: 25%

Techniques & Countermeasures

CWE-915•Improperly Controlled Modification of Dynamically-Determined Object Attributes
The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.

Affected Systems

canonical•lxd
≥ 4.12.0, < 5.0.7 | ≥ 5.1.0, < 5.21.5 | ≥ 6.0.0, < 6.8.0