CVE-2026-34177
Published: 09 April 2026
Summary
CVE-2026-34177 is a critical-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in Canonical LXD. Its CVSS v3.1 base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It is ranked at the 36th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): mandates validation of information inputs, directly addressing the incomplete denylist in isVMLowLevelOptionForbidden that fails to block the raw.apparmor and raw.qemu.conf keys.
- AC-3 (Access Enforcement): enforces approved authorizations for access to system resources, addressing the failure to block low-level VM configuration for users whose rights are limited to a restricted project.
- Establishes restrictive configuration settings for virtualization systems, helping prevent exploitation through incomplete enforcement of the restricted.virtual-machines.lowlevel=block restriction.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables exploitation for privilege escalation (T1068): an attacker injects AppArmor and QEMU configuration that bridges the LXD Unix socket into the VM guest, which in turn allows escape to host (T1611) and escalation to LXD cluster administrator and host root.
NVD Description
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote attacker with can_edit permission on a VM instance in a restricted project can inject an AppArmor rule and a QEMU chardev configuration that bridges the LXD Unix socket into the guest VM, enabling privilege escalation to LXD cluster administrator and subsequently to host root.
Deeper analysis
Canonical LXD versions 4.12 through 6.7 are affected by CVE-2026-34177, an incomplete denylist vulnerability in the isVMLowLevelOptionForbidden function in lxd/project/limits/permissions.go. The function fails to block the raw.apparmor and raw.qemu.conf keys under the restricted.virtual-machines.lowlevel=block project restriction, so a VM in a project that is supposed to forbid low-level options can still set them.
A remote attacker with can_edit permission on a VM instance within a restricted project can exploit this by injecting a custom AppArmor rule and a QEMU chardev configuration. Together these bridge the LXD Unix socket into the guest VM, enabling privilege escalation to LXD cluster administrator and subsequently to host root. The vulnerability has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-184 (Incomplete List of Disallowed Inputs). The PR:H component reflects that the attacker must already hold can_edit on a VM in the restricted project; the scope change (S:C) reflects that the impact extends beyond that project to the whole cluster and the host, which is why a single tenant-level permission is enough to reach root.
Mitigation details are provided in the GitHub security advisory GHSA-fm2x-c5qw-4h6f and the associated pull request at github.com/canonical/lxd/pull/17909, which patches the denylist to include the missing raw.apparmor and raw.qemu.conf keys. Security practitioners should review these resources for upgrade instructions and apply the fix promptly to affected LXD deployments. Until the upgrade is applied, can_edit on any VM in a restricted project should be treated as equivalent to cluster-administrator access, and VM instances in restricted projects should be audited for either key.
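The denylist gap described above, as an added example that is not LXD's own code: a minimal Go reconstruction of the restricted.virtual-machines.lowlevel=block check with the incomplete denylist beside the patched one, plus a small audit helper for finding instances that already carry the two keys. The contents of the vulnerable list apart from the two missing keys, the function signatures, the vmInstance type and the sample instances are assumptions made for this example; the real function lives in lxd/project/limits/permissions.go and is not reproduced here.

```go
package main

import (
	"fmt"
	"sort"
)

// Added example, not LXD's own code: a minimal reconstruction of the
// restricted.virtual-machines.lowlevel=block check, with the incomplete
// denylist beside the patched one, plus a small audit helper for operators.

// vmLowLevelKeysVulnerable stands in for the denylist the advisory calls
// incomplete. The exact set LXD 4.12 through 6.7 ships is an assumption here;
// the point is that raw.apparmor and raw.qemu.conf are absent from it.
var vmLowLevelKeysVulnerable = []string{
	"boot.host_shutdown_timeout", "limits.memory.hugepages", "migration.stateful",
	"raw.idmap", "raw.qemu", "security.devlxd",
}

// vmLowLevelKeysPatched is the same list plus the two keys the fix adds.
var vmLowLevelKeysPatched = append(append([]string{}, vmLowLevelKeysVulnerable...), "raw.apparmor", "raw.qemu.conf")

// isVMLowLevelOptionForbidden reports whether key is on the given denylist.
// The list is a parameter only so the two variants can be compared side by side.
func isVMLowLevelOptionForbidden(key string, denylist []string) bool {
	for _, k := range denylist {
		if key == k {
			return true
		}
	}
	return false
}

// checkRestrictedVMConfig mirrors the project-level enforcement: for a
// restricted project whose restricted.virtual-machines.lowlevel is "block"
// (LXD documents block as the default when unset), it returns the first
// instance config key found on the denylist, or "" if the config passes.
func checkRestrictedVMConfig(projectConfig, instanceConfig map[string]string, denylist []string) string {
	if projectConfig["restricted"] != "true" {
		return ""
	}
	if mode := projectConfig["restricted.virtual-machines.lowlevel"]; mode != "" && mode != "block" {
		return "" // "allow" disables the check; an unset value means block
	}
	keys := make([]string, 0, len(instanceConfig))
	for k := range instanceConfig {
		keys = append(keys, k)
	}
	sort.Strings(keys) // deterministic "first offending key"
	for _, k := range keys {
		if isVMLowLevelOptionForbidden(k, denylist) {
			return k
		}
	}
	return ""
}

// vmInstance is a constructed, minimal view of an instance as an operator
// might export it; the field names are this example's, not LXD's API.
type vmInstance struct {
	Name, Project string
	Config        map[string]string
}

// findRiskyInstances returns "project/name" for every instance that already
// carries raw.apparmor or raw.qemu.conf, which is what to review on an
// unpatched host and again after upgrading.
func findRiskyInstances(instances []vmInstance) []string {
	var out []string
	for _, inst := range instances {
		_, hasAA := inst.Config["raw.apparmor"]
		_, hasQemu := inst.Config["raw.qemu.conf"]
		if hasAA || hasQemu {
			out = append(out, inst.Project+"/"+inst.Name)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	restricted := map[string]string{"restricted": "true", "restricted.virtual-machines.lowlevel": "block"}
	// Constructed attacker-style update: the key names come from the advisory,
	// the values are placeholders rather than a working payload.
	update := map[string]string{
		"raw.apparmor":  "# attacker-controlled AppArmor rule",
		"raw.qemu.conf": "# attacker-controlled QEMU chardev section",
	}
	fmt.Printf("vulnerable denylist rejects: %q\n", checkRestrictedVMConfig(restricted, update, vmLowLevelKeysVulnerable))
	fmt.Printf("patched denylist rejects:    %q\n", checkRestrictedVMConfig(restricted, update, vmLowLevelKeysPatched))
}
```

Run stand-alone, the vulnerable list rejects nothing while the patched list rejects raw.apparmor. On a live host the same audit can be fed from the instance configuration an operator exports (for example via the LXD API or `lxc config show`); neither key should appear on any VM in a restricted project, and a hit on an unpatched host deserves an incident review rather than just a config cleanup.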
Details
- CWE(s)