[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-34179":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-09T20:11:56.904Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":19,"aliases":20,"duplicate_of":9,"upstream":21,"downstream":22,"duplicates":23,"related":24,"reserved_at":9,"published_at":25,"modified_at":26,"state":27,"summary":28,"references_raw":37,"kevs":51,"epss":52,"epss_history":55,"metrics":57,"affected":65},"CVE-2026-34179","In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-915","Improperly Controlled Modification of Dynamically-Determined Object Attributes","The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.","weakness","Incomplete","Base",[],[],[],[],[],[],[],"2026-04-09T09:22:14.693Z","2026-04-09T11:54:18.487Z","Received",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":30,"epss_score":31,"severity":32,"severity_score":33,"severity_version":34,"severity_source":35,"severity_vector":36,"severity_status":27},false,"low",0.00087,"critical",9.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",[38,45],{"url":39,"sources":40,"tags":42},"https://github.com/canonical/lxd/security/advisories/GHSA-c3h3-89qf-jqm5",[35,41],"nvd",[43,44],"VDB Entry","Vendor Advisory",{"url":46,"sources":47,"tags":48},"https://github.com/canonical/lxd/pull/17936",[35,41],[49,50],"Patch","Issue Tracking",[],{"date":53,"score":31,"percentile":54},"2026-04-09",0.25084,[56],{"date":53,"score":31,"percentile":54},[58,63],{"source":35,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":59,"cvss_v4_0":9},{"baseScore":33,"baseSeverity":60,"vectorString":36,"impactScore":61,"exploitabilityScore":62},"CRITICAL",10,5.9,{"source":41,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":64,"cvss_v4_0":9},{"baseScore":33,"baseSeverity":60,"vectorString":36,"impactScore":61,"exploitabilityScore":62},[66],{"ecosystem":9,"name":67,"vendor":68,"product":67,"cpe_part":69,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":70},"lxd","canonical","a",[71,78,82],{"version":72,"is_range":73,"range_type":35,"version_start":74,"version_start_type":75,"version_end":76,"version_end_type":77,"fixed_in":9},">= 4.12.0, \u003C 5.0.7",true,"4.12.0","including","5.0.7","excluding",{"version":79,"is_range":73,"range_type":35,"version_start":80,"version_start_type":75,"version_end":81,"version_end_type":77,"fixed_in":9},">= 5.1.0, \u003C 5.21.5","5.1.0","5.21.5",{"version":83,"is_range":73,"range_type":35,"version_start":84,"version_start_type":75,"version_end":85,"version_end_type":77,"fixed_in":9},">= 6.0.0, \u003C 6.8.0","6.0.0","6.8.0"]