Security Advisory

CVE-2026-34179

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-09 09:22:14

Last updated 2026-04-09 11:54:18

Assigner canonical

State PUBLISHED

Description

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin.

← Browse all CVEs View on cve.org ↗