Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-34179
9.1 CRITICAL
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): High (H)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): High (H)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
Activity log
- Created suggestion
Update of type field in restricted TLS certificate allows privilege escalation to cluster admin
In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin.
References
-
Update of type field in restricted TLS certificate allows privilege escalation to cluster admin vdb-entryexploitvendor-advisory
-
Affected products
lxd
- <5.21.5
- <5.0.7
- <6.8.0
Matching in nixpkgs
pkgs.lxd-ui
Web user interface for LXD
pkgs.lxd-lts
Daemon based on liblxc offering a REST API to manage containers
pkgs.lxd-image-server
Creates and manages a simplestreams lxd image server on top of nginx
pkgs.lxd-unwrapped-lts
Daemon based on liblxc offering a REST API to manage containers
pkgs.python312Packages.pylxd
Library for interacting with the LXD REST API
pkgs.python313Packages.pylxd
Library for interacting with the LXD REST API
pkgs.python314Packages.pylxd
Library for interacting with the LXD REST API
pkgs.terraform-providers.lxd
None
Package maintainers
-
@mkg20001 Maciej Krüger <mkg20001+nix@gmail.com>