CVE-2026-12411

HIGH NVD

CVSS Score 8.4

Severity HIGH

Published Jun 26, 2026

Vendor unknown

Description

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.

References

https://github.com/canonical/lxd/pull/18585
https://github.com/canonical/lxd/security/advisories/GHSA-hhf9-qw4v-72xp
https://github.com/canonical/lxd/security/advisories/GHSA-hhf9-qw4v-72xp