4 matches found
PT-2026-22731
Name of the Vulnerable Software and Affected Versions: Canonical LXD version 6.6
Description: An authorization issue exists in the API endpoint GET /1.0/certificates. An authenticated user with restricted privileges can list all certificate fingerprints trusted by the LXD server.
Recommendations...
CVE-2025-54286
CVE-2025-54286 corresponds to CSRF in LXD-UI for Canonical LXD versions ≥5.0 on Linux, where an attacker can create and start containers without user consent via crafted HTML form submissions that abuse client certificate authentication. Debian advisories (DSA-6027/6028) enumerate multiple LXD-re...
LXD Security Vulnerability
LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD 5.0 and prior versions, which stems from a cross-site request forgery in client certificate authentication that could lead to the creation and launch of container...
GHSA-6XC7-4CX8-J3XC OpenStack Nova-LXD bypass security restrictions
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...