Cyber Resilience

CVE-2026-34177

Severity: Critical
Published: 09 April 2026
Modified: 22 April 2026
CVSS v3.1 Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0036 (28.1st percentile)
Risk Priority: 70 (floored blend, peak EPSS)

Summary

CVE-2026-34177 is a critical-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in Canonical LXD. Its CVSS v3.1 base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 28.1st percentile by exploit likelihood (EPSS), below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

Canonical LXD versions 4.12 through 6.7 are affected by CVE-2026-34177, an incomplete-denylist vulnerability in the isVMLowLevelOptionForbidden function in lxd/project/limits/permissions.go. The function fails to block the raw.apparmor and raw.qemu.conf keys under the restricted.virtual-machines.lowlevel=block project restriction, so low-level configuration that the restriction is meant to forbid can still be applied to virtual machines.

A remote attacker holding can_edit permission on a VM instance within a restricted project can set those keys to inject a custom AppArmor rule and a QEMU chardev configuration. Together these bridge the LXD Unix socket into the guest VM, which yields LXD cluster administrator privileges and, from there, root on the host. The vulnerability has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) and is classified as CWE-184 (Incomplete List of Disallowed Inputs).

Mitigation details are provided in the GitHub security advisory GHSA-fm2x-c5qw-4h6f and the associated pull request at github.com/canonical/lxd/pull/17909, which extends the denylist to cover the missing raw.apparmor and raw.qemu.conf keys. Security practitioners should review these resources for upgrade instructions and apply the fix promptly to affected LXD deployments.
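As an added illustration, not LXD's own code and not the change in pull request 17909, the following Go snippet models the denylist check the advisory describes: an exact-match list that holds raw.qemu but not raw.apparmor or raw.qemu.conf accepts those keys under restricted.virtual-machines.lowlevel=block, while the completed list rejects them. The raw.qemu entry, the map-shaped project and instance configs, and the absence of any default for an unset restriction key are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Illustrative denylist logic for restricted.virtual-machines.lowlevel=block,
// not LXD's isVMLowLevelOptionForbidden. The advisory names only the two omitted
// keys; raw.qemu as a pre-existing entry is an assumption for illustration.
var incompleteDenylist = map[string]bool{"raw.qemu": true}

var patchedDenylist = map[string]bool{
	"raw.qemu":      true,
	"raw.apparmor":  true, // missing before the fix
	"raw.qemu.conf": true, // missing before the fix
}

// lowLevelBlocked reports whether the project config enables the restriction
// (assumption: no default is applied when the key is unset).
func lowLevelBlocked(project map[string]string) bool {
	return project["restricted"] == "true" &&
		project["restricted.virtual-machines.lowlevel"] == "block"
}

// forbiddenKeys returns, sorted, the instance config keys the denylist rejects
// under the project. Matching is exact, so an entry for raw.qemu does not cover
// raw.qemu.conf: that is how an incomplete list lets the key through.
func forbiddenKeys(denylist map[string]bool, project, instance map[string]string) []string {
	if !lowLevelBlocked(project) {
		return nil
	}
	var out []string
	for k := range instance {
		if denylist[k] {
			out = append(out, k)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample: a restricted project and a VM config carrying the two
	// keys the advisory describes (values are placeholders, not real config).
	project := map[string]string{"restricted": "true", "restricted.virtual-machines.lowlevel": "block"}
	vm := map[string]string{"raw.apparmor": "<placeholder>", "raw.qemu.conf": "<placeholder>", "limits.cpu": "2"}
	fmt.Println("incomplete:", forbiddenKeys(incompleteDenylist, project, vm)) // incomplete: []
	fmt.Println("patched:   ", forbiddenKeys(patchedDenylist, project, vm))    // patched: [raw.apparmor raw.qemu.conf]
}
```

The same comparison, run against the instance configs of every VM in a restricted project on a not-yet-upgraded host, gives an inventory of instances that already carry the two keys.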


Vulnerability details

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote attacker with can_edit permission on a VM instance in a restricted project can inject an AppArmor rule and a QEMU chardev configuration that bridges the LXD Unix socket into the guest VM, enabling privilege escalation to LXD cluster administrator and subsequently to host root.

CWE(s): CWE-184 Incomplete List of Disallowed Inputs

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1611 Escape to Host (tactic: Privilege Escalation)
Adversaries may break out of a container or virtualized environment to gain access to the underlying host.

Why these techniques?

The vulnerability enables exploitation for privilege escalation (T1068) by allowing injection of AppArmor and QEMU configurations to bridge the LXD Unix socket into the VM guest, facilitating escape to host (T1611) and escalation to LXD cluster admin and host root.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-34178 (same product: Canonical LXD)
CVE-2026-34179 (same product: Canonical LXD)
CVE-2026-47331 (same vendor: Canonical)
CVE-2026-3888 (same vendor: Canonical)
CVE-2026-49238 (same vendor: Canonical)
CVE-2026-32692 (same vendor: Canonical)
CVE-2026-32693 (same vendor: Canonical)
CVE-2026-47333 (same vendor: Canonical)
CVE-2026-4370 (same vendor: Canonical)
CVE-2024-6107 (same vendor: Canonical)

Affected Assets

canonical/lxd: 4.12 to 5.0.6, 5.21.0 to 5.21.4, 6.0 to 6.7

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Mandates validation of information inputs, directly mitigating the incomplete denylist in isVMLowLevelOptionForbidden that fails to block the raw.apparmor and raw.qemu.conf keys.

AC-3 Access Enforcement (prevent)
Enforces approved authorizations for access to system resources, addressing the failure to block low-level VM configuration under restricted project permissions.

Configuration control (prevent; control identifier not given on this page)
Establishes restrictive configuration settings for virtualization systems, helping prevent exploitation through incomplete enforcement of the lowlevel=block restriction.
