
CVE-2026-34178 — Importing a crafted backup leads to project restriction bypass

CVSS 9.1 · Critical · EPSS 0.05% · P15

I. Basic Information for CVE-2026-34178

Vulnerability Information


Vulnerability Title
Importing a crafted backup leads to project restriction bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An authenticated remote attacker with instance-creation permission in a restricted project can craft a backup archive where backup.yaml carries restricted settings such as security.privileged=true or raw.lxc directives, bypassing all project restriction enforcement and allowing full host compromise.
Source: NVD (National Vulnerability Database)
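The root cause described above is a check-versus-use mismatch: the importer validates one file in the archive but builds the instance from another. The following added example (not LXD's code, and not taken from this page) models that pattern with a constructed tar archive, a minimal flat "key: value" parser standing in for real YAML handling, and an assumed restriction policy (only security.privileged=true and any raw.lxc value are treated as restricted). The vulnerable import function validates backup/index.yaml and then returns the configuration from backup/container/backup.yaml unchecked; the fixed version runs the same check on the configuration that will actually be applied.

```python
"""Added example: check-vs-use mismatch in a backup import path (simplified model)."""
import io
import tarfile


class RestrictionViolation(Exception):
    """Raised when instance configuration violates the (assumed) project restrictions."""


def parse_flat_yaml(text: str) -> dict:
    """Minimal parser for flat 'key: value' lines. This is NOT a YAML implementation;
    it only covers the constructed sample archive used below."""
    config = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        config[key.strip()] = value.strip()
    return config


def read_member(archive: tarfile.TarFile, name: str) -> dict:
    """Read and parse one regular-file member of the archive by exact path."""
    try:
        member = archive.extractfile(archive.getmember(name))
    except KeyError:
        raise ValueError(f"missing archive member: {name}") from None
    if member is None:
        raise ValueError(f"archive member is not a regular file: {name}")
    return parse_flat_yaml(member.read().decode())


def check_restrictions(config: dict) -> None:
    """Assumed restriction policy for a restricted project (simplified stand-in,
    not LXD's real restriction engine): no privileged containers, no raw.lxc."""
    violations = []
    if config.get("security.privileged", "false").lower() == "true":
        violations.append("security.privileged")
    if "raw.lxc" in config:
        violations.append("raw.lxc")
    if violations:
        raise RestrictionViolation(", ".join(violations))


def import_backup_vulnerable(archive_bytes: bytes) -> dict:
    """Flawed pattern: restrictions are checked against index.yaml, but the
    instance is created from backup.yaml, which is never checked."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:") as tar:
        index_cfg = read_member(tar, "backup/index.yaml")
        check_restrictions(index_cfg)                      # checked ...
        instance_cfg = read_member(tar, "backup/container/backup.yaml")
        return instance_cfg                                # ... but a different file is used


def import_backup_fixed(archive_bytes: bytes) -> dict:
    """Hardened pattern: validate the configuration that is actually applied."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:") as tar:
        index_cfg = read_member(tar, "backup/index.yaml")
        instance_cfg = read_member(tar, "backup/container/backup.yaml")
        check_restrictions(index_cfg)
        check_restrictions(instance_cfg)                   # same check, at the point of use
        return instance_cfg


def build_sample_archive() -> bytes:
    """Constructed sample archive: a clean index.yaml alongside a backup.yaml that
    carries a restricted setting. Contents are illustrative, not a real LXD backup."""
    files = {
        "backup/index.yaml": "name: demo\n",
        "backup/container/backup.yaml": "name: demo\nsecurity.privileged: true\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tar:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def demo() -> tuple:
    """Returns (value accepted by the vulnerable path, violation reported by the fixed path)."""
    archive = build_sample_archive()
    accepted = import_backup_vulnerable(archive)   # privileged config passes unchecked
    try:
        import_backup_fixed(archive)
        rejected = None
    except RestrictionViolation as exc:
        rejected = str(exc)
    return accepted.get("security.privileged"), rejected


if __name__ == "__main__":
    print(demo())
```

The design point for defenders is that validation must run on the exact data that reaches the privileged operation, not on a sibling file, header or manifest that merely describes it; where two representations exist, either derive one from the other after validation or validate both at the point of use, as import_backup_fixed does.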
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper Input Validation
Source: NVD (National Vulnerability Database)
Vulnerability Title
LXD security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
LXD is an open-source, Linux-based container manager from Canonical used to manage applications. LXD versions before 6.8 contain a security vulnerability: the backup import path validates only the backup/index.yaml file in the backup archive and performs no project restriction check on backup/container/backup.yaml, which may allow an authenticated remote attacker to bypass all project restrictions and fully compromise the host.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)


Affected Products

Vendor      Product   Affected Versions   CPE
Canonical   lxd       4.12.0 ~ 5.0.7      -

II. Public POCs for CVE-2026-34178


III. Intelligence Information for CVE-2026-34178


Same Patch Batch · Canonical · 2026-04-09 · 5 CVEs total

CVE-2026-34179 · 9.1 CRITICAL · Update of type field in restricted TLS certificate allows privilege escalation to cluster
CVE-2026-34177 · 9.1 CRITICAL · VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf
CVE-2025-15480 · Sensitive information disclosure was affecting ubuntu-desktop-provision
CVE-2025-14551 · Sensitive information disclosure was affecting subiquity

IV. Related Vulnerabilities

V. Comments for CVE-2026-34178

No comments yet