
9 matches found

CVE
added 2026/06/26 4:23 p.m., 10 views

CVE-2026-28385

CVE-2026-28385: Canonical LXD 4.12–6.9 contains an SSRF in image import from URL sources. Authenticated users with the can_create_images entitlement can leverage the /images endpoint to trigger outbound requests from the LXD daemon, which fails to validate or restrict destinations. This allows conta...

CVSS 5, AI score 5.8, EPSS 0.00172
Exploits 0, References 2
NVD
added 2026/03/12 3:16 p.m., 3 views

CVE-2026-28384

An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

CVSS 9.4, EPSS 0.00502
Exploits 0, References 5
OSV
added 2026/03/12 3:16 p.m., 4 views

CVE-2026-28384

An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

CVSS 9.4, AI score 6
Exploits 0, References 5
Vulnrichment
added 2026/03/12 2:51 p.m., 1 views

CVE-2026-28384 Authenticated RCE via unsanitized compression_algorithm

An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

CVSS 9.4, AI score 6, EPSS 0.00502
Exploits 0, References 5
ATTACKERKB
added 2026/03/12 2:51 p.m., 5 views

CVE-2026-28384

An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

CVSS 9.4, AI score 5.9, EPSS 0.00502
Exploits 0, References 6, Affected Software 1
AlpineLinux
added 2026/03/12 2:51 p.m., 7 views

CVE-2026-28384

An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

CVSS 9.4, AI score 6, EPSS 0.00502
Exploits 0
Cvelist
added 2026/03/12 2:51 p.m., 23 views

CVE-2026-28384 Authenticated RCE via unsanitized compression_algorithm

An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

CVSS 9.4, EPSS 0.00502
Exploits 0, References 5
Positive Technologies
added 2026/03/12 12:0 a.m., 5 views

PT-2026-24958

Name of the Vulnerable Software and Affected Versions: Canonical LXD versions 4.12 through 6.6. Description: An improper sanitization of the compression algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API cal...

CVSS 9.4, AI score 6, EPSS 0.00502
Exploits 0, References 15
CNVD
added 2015/11/19 12:0 a.m., 3 views

Ubuntu lxd package mode error vulnerability

The Ubuntu lxd package is a Linux Container Daemon OpenStack working environment package developed by Canonical UK and the Ubuntu Foundation. A security vulnerability exists in the lxd-unix.socket systemd unit file in versions of the Ubuntu lxd package prior to 0.20-0ubuntu4.1. Since the program...

CVSS 4.6, AI score 6.7, EPSS 0.00382
Exploits 0, References 1