CVE Catalog

CVE-2026-9640

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile — higher than 25% of all known CVEs

Summary

A privilege escalation vulnerability in LXD versions 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 allows bypassing project-restriction policies during snapshot restoration. An authenticated project operator can import a malicious instance backup with restricted configuration keys in a snapshot, which are applied without validation upon restoration.

Risk Assessment

The organization risks unauthorized host root access by a project operator, potentially leading to full system compromise and tenant isolation breach.

Recommendation

Immediately upgrade LXD to version 6.9, 5.21.5, or 5.0.7 depending on the branch used. Until patched, restrict snapshot restoration operations to trusted operators only.

Original NVD description (English source)

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment can bypass policy restrictions by importing a maliciously crafted instance backup containing restricted configuration keys within a snapshot. When the snapshot is restored, these restricted keys are applied to the live instance without policy validation. Starting the modified instance grants the operator unauthorized host root access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS