CVE-2026-34177 | Canonical LXD up to 5.0.6/5.21.4/6.7.x permissions.go isVMLowLevelOptionForbidden incomplete blacklist

Inserito da Angelo Barbosa | Apr 9, 2026 | CVE

A vulnerability described as critical has been identified in Canonical LXD up to 5.0.6/5.21.4/6.7.x. This impacts the function isVMLowLevelOptionForbidden of the file lxd/project/limits/permissions.go. The manipulation results in incomplete blacklist.

This vulnerability was named CVE-2026-34177. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.

CVE-2026-34177 | Canonical LXD up to 5.0.6/5.21.4/6.7.x permissions.go isVMLowLevelOptionForbidden incomplete blacklist

Post correlati

CVE-2026-21717 | Node.js up to 20.20.1/22.22.1/24.14.0/25.8.1 V8 Handler JSON.parse denial of service

CVE-2026-3836 | Oll dnf5 D-Bus Locale Configuration path traversal

CVE-2024-1680 | Premium Addons for Elementor Plugin up to 4.10.21 on WordPress cross site scripting

CVE-2025-8282 | SureForms Plugin up to 1.9.0 on WordPress cross site scripting