CVE-2026-34177: CWE-184 Incomplete list of disallowed inputs in Canonical lxd
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote attacker with can_edit permission on a VM instance in a restricted project can inject an AppArmor rule and a QEMU chardev configuration that bridges the LXD Unix socket into the guest VM, enabling privilege escalation to LXD cluster administrator and subsequently to host root.
AI Analysis
Technical Summary
CVE-2026-34177 is a critical vulnerability in Canonical LXD (versions 4.12 through 6.7) caused by an incomplete denylist in the isVMLowLevelOptionForbidden function. Specifically, the keys raw.apparmor and raw.qemu.conf are not blocked under the restricted.virtual-machines.lowlevel=block project restriction. This allows a remote attacker with can_edit permission on a VM instance within a restricted project to inject malicious AppArmor rules and QEMU chardev configurations. Such injection can bridge the LXD Unix socket into the guest VM, enabling privilege escalation to the LXD cluster administrator role and subsequently to host root privileges. The vulnerability has a CVSS 3.1 score of 9.1, indicating critical severity with network attack vector, low attack complexity, high privileges required, no user interaction, and impacts on confidentiality, integrity, and availability with scope change.
Potential Impact
An attacker with can_edit permission on a VM instance in a restricted project can escalate privileges to LXD cluster administrator and then to host root. This compromises the confidentiality, integrity, and availability of the host and cluster environment. The vulnerability affects LXD versions 4.12 through 6.7. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict can_edit permissions carefully and monitor for suspicious activity related to VM configuration changes. Avoid granting can_edit permissions in restricted projects where possible.
CVE-2026-34177: CWE-184 Incomplete list of disallowed inputs in Canonical lxd
Description
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote attacker with can_edit permission on a VM instance in a restricted project can inject an AppArmor rule and a QEMU chardev configuration that bridges the LXD Unix socket into the guest VM, enabling privilege escalation to LXD cluster administrator and subsequently to host root.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-34177 is a critical vulnerability in Canonical LXD (versions 4.12 through 6.7) caused by an incomplete denylist in the isVMLowLevelOptionForbidden function. Specifically, the keys raw.apparmor and raw.qemu.conf are not blocked under the restricted.virtual-machines.lowlevel=block project restriction. This allows a remote attacker with can_edit permission on a VM instance within a restricted project to inject malicious AppArmor rules and QEMU chardev configurations. Such injection can bridge the LXD Unix socket into the guest VM, enabling privilege escalation to the LXD cluster administrator role and subsequently to host root privileges. The vulnerability has a CVSS 3.1 score of 9.1, indicating critical severity with network attack vector, low attack complexity, high privileges required, no user interaction, and impacts on confidentiality, integrity, and availability with scope change.
Potential Impact
An attacker with can_edit permission on a VM instance in a restricted project can escalate privileges to LXD cluster administrator and then to host root. This compromises the confidentiality, integrity, and availability of the host and cluster environment. The vulnerability affects LXD versions 4.12 through 6.7. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict can_edit permissions carefully and monitor for suspicious activity related to VM configuration changes. Avoid granting can_edit permissions in restricted projects where possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- canonical
- Date Reserved
- 2026-03-26T09:24:08.448Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d773081cc7ad14da8bdc1b
Added to database: 4/9/2026, 9:36:08 AM
Last enriched: 4/9/2026, 9:51:10 AM
Last updated: 4/9/2026, 1:04:24 PM
Views: 56
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.