CVE-2026-34178: AI Deep Analysis Summary
Updated May 06, 2026
CVSS 9.1 · Critical
This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1
What is this vulnerability? (Essence + Consequences)
**Essence**: LXD backup import validation flaw. **Consequences**: Authenticated attackers bypass project restrictions to gain **full host control**. Critical integrity loss.
Q2
Root Cause? (CWE/Flaw)
**CWE-20**: Improper Input Validation. **Flaw**: Only checks `backup/index.yaml`. Ignores `backup/container/backup.yaml` project limits. Missing scope checks.
Q3
Who is affected? (Versions/Components)
**Vendor**: Canonical. **Product**: LXD. **Affected**: Versions **< 6.8**. Linux container management tool.
Q4
What can hackers do? (Privileges/Data)
**Privileges**: Full Host Control. **Access**: Bypasses all project restrictions. **Data**: Complete compromise of the underlying host system. Unrestricted access.
Q5
Is exploitation threshold high? (Auth/Config)
**Auth**: Requires **Authentication** (PR:H). **Network**: Remote (AV:N). **Config**: Low complexity (AC:L). **UI**: None required. Moderate threshold due to auth need.
Q6
Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp**: No PoCs listed in data. **Wild Exp**: Unconfirmed. **Ref**: Vendor advisory & PR available. No immediate mass exploitation seen.
Q7
How to self-check? (Features/Scanning)
**Check**: Scan for LXD versions < 6.8. **Audit**: Review backup import logs. **Tool**: Use CVE scanners for CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. Verify `backup.yaml` handling.
Q8
Is it fixed officially? (Patch/Mitigation)
**Fixed**: Yes. **Patch**: Update to **LXD 6.8+**. **Ref**: GitHub PR #17921. **Mitigation**: Create backup config from index properly.
Q9
What if no patch? (Workaround)
**Workaround**: Restrict backup import permissions. **Block**: Disable untrusted backup imports. **Isolate**: Limit user privileges. **Monitor**: Watch for suspicious import activities.
Q10
Is it urgent? (Priority Suggestion)
**Priority**: **CRITICAL**. **Urgency**: High. **CVSS**: 9.8 (Critical). **Action**: Patch immediately. Protect host integrity.