CVE-2026-34178

Critical · Public PoC

Published: 09 April 2026

Modified: 22 April 2026
KEV Added
Patch
CVSS Score v3.1: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0042 (33.9th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-34178 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Canonical LXD. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 33.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-34178 is an improper input validation vulnerability (CWE-20) in Canonical LXD versions prior to 6.8. The issue lies in the backup import functionality, where project restrictions are enforced by validating the backup/index.yaml file within a supplied tar archive. However, the instance is actually created using the separate backup/container/backup.yaml file, which is not checked against project restrictions. This discrepancy allows attackers to embed unauthorized configurations in the unchecked file. The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact exploitation.

An authenticated remote attacker with instance-creation permissions in a restricted LXD project can exploit this by crafting a malicious tar archive backup. By placing restricted settings, such as security.privileged=true or raw.lxc directives, into the backup.yaml file while ensuring index.yaml passes validation, the attacker bypasses all project restrictions during import. Successful exploitation enables creation of a privileged container, leading to full host compromise through container escape and arbitrary code execution on the underlying system.

Mitigation is addressed in the referenced GitHub security advisory (GHSA-q96j-3fmm-7fv4) and pull request #17921, which patch the validation logic in LXD 6.8 and later versions. Security practitioners should upgrade to LXD 6.8 or higher and review access controls for instance-creation permissions in restricted projects to prevent exploitation.
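As an added example (not code from LXD, the advisory, or this page's source), the following pre-import audit scans every YAML member of a backup archive, not just backup/index.yaml, for the restricted keys named above. The key list, the line-based matching, and the constructed sample archive layout are assumptions for illustration; this is a heuristic check, not LXD's validation logic.

```python
import io
import re
import tarfile

# Keys the page names as examples of restricted settings; not LXD's full list.
RESTRICTED = re.compile(r'^\s*["\']?(security\.privileged|raw\.lxc)["\']?\s*:\s*(.*)$')
FALSY = {"", "false", "0", "no", "off"}

def audit_backup(fileobj):
    """Return sorted (member, key, value) for restricted keys in any YAML member."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or not member.name.endswith((".yaml", ".yml")):
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            for line in text.splitlines():
                m = RESTRICTED.match(line)
                if not m:
                    continue
                key, value = m.group(1), m.group(2).strip().strip("\"'")
                # security.privileged only matters when enabled; raw.lxc always does.
                if key == "security.privileged" and value.lower() in FALSY:
                    continue
                findings.append((member.name, key, value))
    return sorted(findings)

def build_sample(files):
    """Build an in-memory tar from {name: text}; constructed test input only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

# Constructed sample (illustrative field layout): index.yaml is clean,
# while backup.yaml carries the restricted key.
SAMPLE = build_sample({
    "backup/index.yaml": "name: c1\nconfig:\n  limits.cpu: \"1\"\n",
    "backup/container/backup.yaml": "container:\n  config:\n    security.privileged: \"true\"\n",
})

if __name__ == "__main__":
    for finding in audit_backup(SAMPLE):
        print("restricted key in %s: %s=%s" % finding)
```

A finding in backup/container/backup.yaml with no matching entry in backup/index.yaml is the mismatch this CVE depends on, so such archives should be rejected before import on unpatched hosts.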

Vulnerability details

In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An authenticated remote attacker with instance-creation permission in a restricted project can craft a backup archive where backup.yaml carries restricted settings such as security.privileged=true or raw.lxc directives, bypassing all project restriction enforcement and allowing full host compromise.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 · Exploitation for Privilege Escalation · Tactic: Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1611 · Escape to Host · Tactic: Privilege Escalation
Adversaries may break out of a container or virtualized environment to gain access to the underlying host.
Why these techniques?

Improper input validation bypasses LXD project restrictions to create privileged containers, directly enabling privilege escalation (T1068) and facilitating container escape to host for full compromise (T1611).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-34177 · Same product: Canonical LXD
CVE-2026-34179 · Same product: Canonical LXD
CVE-2026-47331 · Same vendor: Canonical
CVE-2026-3888 · Same vendor: Canonical
CVE-2026-49238 · Same vendor: Canonical
CVE-2023-0881 · Same vendor: Canonical
CVE-2026-47333 · Same vendor: Canonical
CVE-2026-32692 · Same vendor: Canonical
CVE-2026-32693 · Same vendor: Canonical
CVE-2025-29814 · Shared CWE-20

Affected Assets

Vendor: canonical
Product: lxd
Affected versions: 4.12 to 5.0.6 · 5.21.0 to 5.21.4 · 6.0 to 6.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly addresses the improper input validation vulnerability by requiring checks on all relevant files, including backup/container/backup.yaml, against project restrictions during tar archive import.

Prevent: Ensures timely identification, reporting, and patching of the specific flaw in LXD backup import functionality to prevent exploitation.

Prevent: Enforces least privilege by restricting instance-creation permissions to only necessary users, reducing the population able to craft and import malicious backup archives.
